From 2f77ed66da70a4e52977cfd45f5a2eb1a0eaa7f3 Mon Sep 17 00:00:00 2001 From: shefali-malhotra <91597668+shefali-malhotra@users.noreply.github.com> Date: Fri, 30 Aug 2024 12:16:56 +0530 Subject: [PATCH 01/33] porting back the changes done for posting and certification back in release branch (#669) Signed-off-by: shefali-malhotra --- ...ll-csm-operator.clusterserviceversion.yaml | 47 ++++++++++++------- bundle/metadata/annotations.yaml | 2 +- 2 files changed, 30 insertions(+), 19 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index e0f6a66b7..b1411458c 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -3364,19 +3364,34 @@ spec: displayName: Name path: modules[0].name statusDescriptors: - - description: ControllerStatus is the status of Controller pods - displayName: ControllerStatus - path: controllerStatus + - description: Number of Available Controller pods + displayName: Available + path: controllerStatus.available x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:podStatuses - - description: NodeStatus is the status of Controller pods - displayName: NodeStatus - path: nodeStatus + - urn:alm:descriptor:text + - description: Number of Desired Controller pods + displayName: Desired + path: controllerStatus.desired x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:podStatuses - - description: State is the state of the driver installation - displayName: State - path: state + - urn:alm:descriptor:text + - description: Number of Failed Controller pods + displayName: Failed + path: controllerStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Available Node pods + displayName: Available + path: nodeStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Node pods + displayName: Desired + path: nodeStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Node pods + displayName: Failed + path: nodeStatus.failed x-descriptors: - urn:alm:descriptor:text version: v1 @@ -3401,7 +3416,9 @@ spec: Drivers\n*\tResiliency - Designed to make Kubernetes applications more resilient to \n node failures\n\nThese modules are available for various storage platforms in the Dell portfolio, \nsuch as Dell PowerStore, Dell PowerMax, Dell PowerFlex, - Dell PowerScale, and Dell Unity XT.\n\nFor more information, visit [Dell’s Container + Dell PowerScale, and Dell Unity XT.\n\n### Supported Openshift Platforms\n\nQualified Openshift versions for CSM Operator v1.6.0: 4.15-4.16 + \nQualified Openshift versions for CSM Operator v1.5.1: 4.13-4.15 + \n\nFor more information, visit [Dell’s Container Storage Module web page](https://www.dell.com/en-us/dt/solutions/kubernetes-containers/kubernetes-storage.htm)\n\nAdditional Materials\n*\t[CSM Operator GitHub Page](https://dell.github.io/csm-docs/docs/deployment/csmoperator/)\n*\t[CSM Introduction Video](https://www.youtube.com/watch?v=NtNSKdF9Iyo)\n*\t[CSM Solution @@ -3415,12 +3432,6 @@ spec: spec: clusterPermissions: - rules: - - apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' - nonResourceURLs: - /metrics verbs: diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index c48f36d48..4662e6dc9 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -15,4 +15,4 @@ annotations: operators.operatorframework.io.test.config.v1: tests/scorecard/ # Annotations to specify supported OCP versions. - com.redhat.openshift.versions: v4.15-v4.16 + com.redhat.openshift.versions: "v4.15" From 0773fbbc476423c464bef699b1b3c4e60f14c5d6 Mon Sep 17 00:00:00 2001 From: Rishabh Raj Date: Tue, 24 Sep 2024 06:24:07 +0000 Subject: [PATCH 02/33] changes of patch 1.6.1 --- Dockerfile | 2 +- Makefile | 2 +- ...ll-csm-operator.clusterserviceversion.yaml | 8 +- config/install/kustomization.yaml | 2 +- config/manager/kustomization.yaml | 2 +- config/manager/manager.yaml | 2 +- ...ll-csm-operator.clusterserviceversion.yaml | 10 +- config/samples/storage_v1_csm_powerstore.yaml | 4 +- controllers/csm_controller.go | 2 +- deploy/olm/operator_community.yaml | 2 +- deploy/operator.yaml | 8 +- docker.mk | 8 +- .../powerstore/v2.11.1/controller.yaml | 272 ++++++++++++++++++ .../powerstore/v2.11.1/csidriver.yaml | 27 ++ .../v2.11.1/driver-config-params.yaml | 29 ++ .../driverconfig/powerstore/v2.11.1/node.yaml | 246 ++++++++++++++++ .../powerstore/v2.11.1/upgrade-path.yaml | 1 + .../testdata/cr_powerstore_resiliency.yaml | 4 +- samples/storage_csm_powerstore_v2111.yaml | 216 ++++++++++++++ .../driverconfig/badDriver/v2.11.1/bad.yaml | 4 + .../badDriver/v2.11.1/controller.yaml | 4 + .../badDriver/v2.11.1/csidriver.yaml | 4 + .../v2.11.1/driver-config-params.yaml | 5 + .../badDriver/v2.11.1/upgrade-path.yaml | 4 + .../driverconfig/powerstore/v2.11.1/bad.yaml | 19 ++ .../powerstore/v2.11.1/config.json | 12 + .../powerstore/v2.11.1/controller.yaml | 270 +++++++++++++++++ .../powerstore/v2.11.1/csidriver.yaml | 27 ++ .../v2.11.1/driver-config-params.yaml | 25 ++ .../driverconfig/powerstore/v2.11.1/node.yaml | 244 ++++++++++++++++ .../powerstore/v2.11.1/upgrade-path.yaml | 16 ++ .../e2e/testfiles/storage_csm_powerstore.yaml | 2 +- .../storage_csm_powerstore_resiliency.yaml | 2 +- tests/shared/common.go | 2 +- 34 files changed, 1456 insertions(+), 31 deletions(-) create mode 100644 operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml create mode 100644 operatorconfig/driverconfig/powerstore/v2.11.1/csidriver.yaml create mode 100644 operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml create mode 100644 operatorconfig/driverconfig/powerstore/v2.11.1/node.yaml create mode 100644 operatorconfig/driverconfig/powerstore/v2.11.1/upgrade-path.yaml create mode 100644 samples/storage_csm_powerstore_v2111.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.11.1/bad.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.11.1/controller.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml create mode 100644 tests/config/driverconfig/powerstore/v2.11.1/bad.yaml create mode 100644 tests/config/driverconfig/powerstore/v2.11.1/config.json create mode 100644 tests/config/driverconfig/powerstore/v2.11.1/controller.yaml create mode 100644 tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml create mode 100644 tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml create mode 100644 tests/config/driverconfig/powerstore/v2.11.1/node.yaml create mode 100644 tests/config/driverconfig/powerstore/v2.11.1/upgrade-path.yaml diff --git a/Dockerfile b/Dockerfile index c3ebaeffa..1ed57614f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,7 +48,7 @@ LABEL vendor="Dell Inc." \ name="dell-csm-operator" \ summary="Operator for installing Dell CSI Drivers and Dell CSM Modules" \ description="Common Operator for installing various Dell CSI Drivers and Dell CSM Modules" \ - version="1.6.0" \ + version="1.6.1" \ license="Dell CSM Operator Apache License" # copy the licenses folder diff --git a/Makefile b/Makefile index ad0f7f99a..caa0f4e5d 100644 --- a/Makefile +++ b/Makefile @@ -208,7 +208,7 @@ OPM = $(shell which opm) endif endif -# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v1.6.0). +# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v1.6.1). # These images MUST exist in a registry and be pull-able. BUNDLE_IMGS ?= $(BUNDLE_IMG) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index b1411458c..62b76790b 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -822,10 +822,10 @@ metadata: "value": "debug" } ], - "image": "dellemc/csi-powerstore:v2.11.0", + "image": "dellemc/csi-powerstore:v2.11.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.11.0", + "configVersion": "v2.11.1", "controller": { "envs": [ { @@ -4614,7 +4614,7 @@ spec: - name: RELATED_IMAGE_csipowermax-reverseproxy value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.11.0 + value: docker.io/dellemc/csi-powerstore:v2.11.1 - name: RELATED_IMAGE_csi-unity value: docker.io/dellemc/csi-unity:v2.11.0 - name: RELATED_IMAGE_csi-vxflexos @@ -4728,7 +4728,7 @@ spec: name: csi-powermax - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.11.0 + - image: docker.io/dellemc/csi-powerstore:v2.11.1 name: csi-powerstore - image: docker.io/dellemc/csi-unity:v2.11.0 name: csi-unity diff --git a/config/install/kustomization.yaml b/config/install/kustomization.yaml index 7c3351233..531693b17 100644 --- a/config/install/kustomization.yaml +++ b/config/install/kustomization.yaml @@ -14,4 +14,4 @@ bases: images: - name: controller newName: docker.io/dellemc/dell-csm-operator - newTag: v1.6.0 + newTag: v1.6.1 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 88a696666..2572bb2a3 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: docker.io/dellemc/dell-csm-operator - newTag: v1.6.0 + newTag: v1.6.1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 2bb51bfb9..cb787ca9e 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -37,7 +37,7 @@ spec: name: RELATED_IMAGE_csi-powermax - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 name: RELATED_IMAGE_csipowermax-reverseproxy - - value: docker.io/dellemc/csi-powerstore:v2.11.0 + - value: docker.io/dellemc/csi-powerstore:v2.11.1 name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-unity:v2.11.0 name: RELATED_IMAGE_csi-unity diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 52afcb459..debbd59b2 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: alm-examples: '[]' capabilities: Seamless Upgrades categories: Storage - containerImage: docker.io/dellemc/dell-csm-operator:v1.6.0 + containerImage: docker.io/dellemc/dell-csm-operator:v1.6.1 createdAt: "2022-03-29T11:59:59Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" @@ -17,7 +17,7 @@ metadata: features.operators.openshift.io/token-auth-gcp: "false" repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.6.0 + name: dell-csm-operator.v1.6.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -2004,7 +2004,7 @@ spec: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: docker.io/dellemc/dell-csm-operator:v1.6.0 + - image: docker.io/dellemc/dell-csm-operator:v1.6.1 name: dell-csm-operator - image: docker.io/dellemc/csi-isilon:v2.11.0 name: csi-isilon @@ -2012,7 +2012,7 @@ spec: name: csi-powermax - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.11.0 + - image: docker.io/dellemc/csi-powerstore:v2.11.1 name: csi-powerstore - image: docker.io/dellemc/csi-unity:v2.11.0 name: csi-unity @@ -2060,4 +2060,4 @@ spec: name: cert-persister skips: - dell-csm-operator.v1.5.1 - version: 1.6.0 + version: 1.6.1 diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index 27b99aece..6f776e891 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -31,7 +31,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.11.0 + configVersion: v2.11.1 # authSecret: This is the secret used to validate the default PowerStore secret used for installation # Allowed values: -config # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config @@ -42,7 +42,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-powerstore:v2.11.0" + image: "dellemc/csi-powerstore:v2.11.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX diff --git a/controllers/csm_controller.go b/controllers/csm_controller.go index 4967b85f1..7e1e6d2b6 100644 --- a/controllers/csm_controller.go +++ b/controllers/csm_controller.go @@ -93,7 +93,7 @@ const ( CSMFinalizerName = "finalizer.dell.emc.com" // CSMVersion - - CSMVersion = "v1.11.0" + CSMVersion = "v1.11.1" ) var ( diff --git a/deploy/olm/operator_community.yaml b/deploy/olm/operator_community.yaml index 8484028a5..99aacc07e 100644 --- a/deploy/olm/operator_community.yaml +++ b/deploy/olm/operator_community.yaml @@ -5,7 +5,7 @@ metadata: namespace: test-csm-operator-olm spec: sourceType: grpc - image: docker.io/dellemc/dell-csm-operator:v1.6.0 + image: docker.io/dellemc/dell-csm-operator:v1.6.1 --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 633634386..6c4a83119 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1328,7 +1328,7 @@ spec: template: metadata: annotations: - storage.dell.com/CSMVersion: v1.11.0 + storage.dell.com/CSMVersion: v1.11.1 labels: control-plane: controller-manager spec: @@ -1339,7 +1339,7 @@ spec: - /manager env: - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.6.0 + value: docker.io/dellemc/dell-csm-operator:v1.6.1 - name: RELATED_IMAGE_csi-isilon value: docker.io/dellemc/csi-isilon:v2.11.0 - name: RELATED_IMAGE_csi-powermax @@ -1347,7 +1347,7 @@ spec: - name: RELATED_IMAGE_csipowermax-reverseproxy value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.11.0 + value: docker.io/dellemc/csi-powerstore:v2.11.1 - name: RELATED_IMAGE_csi-unity value: docker.io/dellemc/csi-unity:v2.11.0 - name: RELATED_IMAGE_csi-vxflexos @@ -1392,7 +1392,7 @@ spec: value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: RELATED_IMAGE_cert-persister value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.6.0 + image: docker.io/dellemc/dell-csm-operator:v1.6.1 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/docker.mk b/docker.mk index b4fdf88b7..868f275e5 100644 --- a/docker.mk +++ b/docker.mk @@ -14,11 +14,11 @@ BUNDLE_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-bundle # Image tag base for community catalog images CATALOG_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-catalog -# Operator version tagged with build number. For e.g. - v1.6.0.001 -VERSION ?= v1.6.0 +# Operator version tagged with build number. For e.g. - v1.6.1.001 +VERSION ?= v1.6.1 # Bundle Version is the semantic version(required by operator-sdk) -BUNDLE_VERSION ?= 1.6.0 +BUNDLE_VERSION ?= 1.6.1 # Timestamp local builds TIMESTAMP := $(shell date +%Y%m%d%H%M%S) @@ -37,5 +37,5 @@ IMG ?= "$(REGISTRY)/$(IMAGE_TAG_BASE):$(VERSION)" # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) BUNDLE_IMG ?= "$(REGISTRY)/$(BUNDLE_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" -# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.6.0). +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.6.1). CATALOG_IMG ?= "$(REGISTRY)/$(CATALOG_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml new file mode 100644 index 000000000..83ba7ec4f --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml @@ -0,0 +1,272 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["volumegroup.storage.dell.com"] + resources: ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + verbs: ["create", "list", "watch", "delete", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + annotations: + kubectl.kubernetes.io/default-container: driver + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--worker-threads=130" + - "--resync=10s" + - "--timeout=130s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--v=5" + - "--leader-election" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--snapshot-name-prefix=csisnap" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powerstore:v2.11.1 + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + - name: X_CSI_NFS_ACLS + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: true + - name: CSI_AUTO_ROUND_OFF_FILESYSTEM_SIZE + value: true + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + volumes: + - name: socket-dir + emptyDir: + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/csidriver.yaml new file mode 100644 index 000000000..0f1b9547f --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/csidriver.yaml @@ -0,0 +1,27 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powerstore.dellemc.com +spec: + storageCapacity: false + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml new file mode 100644 index 000000000..c775e7442 --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml @@ -0,0 +1,29 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" + PODMON_CONTROLLER_LOG_LEVEL: "debug" + PODMON_CONTROLLER_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_LEVEL: "debug" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/node.yaml new file mode 100644 index 000000000..91b2ad20a --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/node.yaml @@ -0,0 +1,246 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + annotations: + kubectl.kubernetes.io/default-container: driver + spec: + #nodeSelector: + #tolerations: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostIPC: true + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powerstore:v2.11.1 + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: unix:///plugins/csi-powerstore.dellemc.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_POWERSTORE_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: + - name: X_CSI_POWERSTORE_NODE_ID_PATH + value: /node-id + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERSTORE_NODE_CHROOT_PATH + value: /noderoot + - name: X_CSI_POWERSTORE_TMP_DIR + value: /plugins/csi-powerstore.dellemc.com/tmp + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: + - name: X_CSI_POWERSTORE_ENABLE_CHAP + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: "true" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-powerstore.dellemc.com + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: run + mountPath: /run + - name: node-id + mountPath: /node-id + - name: etciscsi + mountPath: /etc/iscsi + - name: mpath + mountPath: /etc/multipath.conf + - name: noderoot + mountPath: /noderoot + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-powerstore.dellemc.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/csi-powerstore.dellemc.com + type: DirectoryOrCreate + - name: csi-path + hostPath: + path: /plugins/kubernetes.io/csi + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: node-id + hostPath: + path: /etc/machine-id + type: File + - name: etciscsi + hostPath: + path: /etc/iscsi + type: DirectoryOrCreate + - name: mpath + hostPath: + path: /etc/multipath.conf + type: FileOrCreate + - name: noderoot + hostPath: + path: / + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: run + hostPath: + path: /run + type: Directory + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/upgrade-path.yaml new file mode 100644 index 000000000..529a9668d --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.9.0 diff --git a/pkg/modules/testdata/cr_powerstore_resiliency.yaml b/pkg/modules/testdata/cr_powerstore_resiliency.yaml index ca2266e93..72aba5761 100644 --- a/pkg/modules/testdata/cr_powerstore_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerstore_resiliency.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "powerstore" - configVersion: v2.11.0 + configVersion: v2.11.1 authSecret: powerstore-creds replicas: 1 common: - image: "dellemc/csi-powerstore:v2.11.0" + image: "dellemc/csi-powerstore:v2.11.1" imagePullPolicy: IfNotPresent modules: - name: resiliency diff --git a/samples/storage_csm_powerstore_v2111.yaml b/samples/storage_csm_powerstore_v2111.yaml new file mode 100644 index 000000000..85cfa913e --- /dev/null +++ b/samples/storage_csm_powerstore_v2111.yaml @@ -0,0 +1,216 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powerstore + namespace: powerstore +spec: + driver: + csiDriverType: "powerstore" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.11.1 + # authSecret: This is the secret used to validate the default PowerStore secret used for installation + # Allowed values: -config + # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config + authSecret: powerstore-config + # Controller count + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-powerstore:v2.11.1" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: "csi-node" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: "/etc/fc-ports-filter" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + - name: CSI_LOG_LEVEL + value: debug + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.8.0 + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + # nodeSelector: Define node selection constraints for controller pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # Set to "true" to enable ISCSI CHAP Authentication + # CHAP password will be autogenerated by driver + - name: "X_CSI_POWERSTORE_ENABLE_CHAP" + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE: Defines the maximum PowerStore volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: "0" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + modules: + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.10.0 + components: + - name: podmon-controller + image: dellemc/podmon:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" + - name: podmon-node + image: dellemc/podmon:v1.10.0 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" diff --git a/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml new file mode 100644 index 000000000..55d520672 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml @@ -0,0 +1,5 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml new file mode 100644 index 000000000..a85d0f248 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml @@ -0,0 +1,19 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +this snfoiasga + is + + 843*&(*(% invalid YAml \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/config.json b/tests/config/driverconfig/powerstore/v2.11.1/config.json new file mode 100644 index 000000000..b90989ebe --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.11.1/config.json @@ -0,0 +1,12 @@ +[ + { + "username": "admin", + "password": "password", + "globalID": "unique" , + "blockProtocol": "auto", + "endpoint": "https://10.0.0.1/api/rest", + "skipCertificateValidation": true, + "nasName": "nas-server" , + "nfsAcls": "0777" + } +] \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml new file mode 100644 index 000000000..65f408104 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml @@ -0,0 +1,270 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["volumegroup.storage.dell.com"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + verbs: ["create", "list", "watch", "delete", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--worker-threads=130" + - "--resync=10s" + - "--timeout=130s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--v=5" + - "--leader-election" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--enable-capacity=false" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--snapshot-name-prefix=csisnap" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powerstore:v2.11.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + - name: X_CSI_NFS_ACLS + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: true + - name: CSI_AUTO_ROUND_OFF_FILESYSTEM_SIZE + value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + volumes: + - name: socket-dir + emptyDir: + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml new file mode 100644 index 000000000..1d6b34780 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml @@ -0,0 +1,27 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powerstore.dellemc.com +spec: + storageCapacity: false + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml new file mode 100644 index 000000000..94ce0ee14 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml @@ -0,0 +1,25 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/node.yaml b/tests/config/driverconfig/powerstore/v2.11.1/node.yaml new file mode 100644 index 000000000..b76231685 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.11.1/node.yaml @@ -0,0 +1,244 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + spec: + #nodeSelector: + #tolerations: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostIPC: true + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powerstore:v2.11.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: unix:///plugins/csi-powerstore.dellemc.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_POWERSTORE_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: + - name: X_CSI_POWERSTORE_NODE_ID_PATH + value: /node-id + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERSTORE_NODE_CHROOT_PATH + value: /noderoot + - name: X_CSI_POWERSTORE_TMP_DIR + value: /plugins/csi-powerstore.dellemc.com/tmp + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: + - name: X_CSI_POWERSTORE_ENABLE_CHAP + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: "true" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-powerstore.dellemc.com + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: run + mountPath: /run + - name: node-id + mountPath: /node-id + - name: etciscsi + mountPath: /etc/iscsi + - name: mpath + mountPath: /etc/multipath.conf + - name: noderoot + mountPath: /noderoot + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-powerstore.dellemc.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/csi-powerstore.dellemc.com + type: DirectoryOrCreate + - name: csi-path + hostPath: + path: /plugins/kubernetes.io/csi + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: node-id + hostPath: + path: /etc/machine-id + type: File + - name: etciscsi + hostPath: + path: /etc/iscsi + type: DirectoryOrCreate + - name: mpath + hostPath: + path: /etc/multipath.conf + type: FileOrCreate + - name: noderoot + hostPath: + path: / + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: run + hostPath: + path: /run + type: Directory + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/upgrade-path.yaml b/tests/config/driverconfig/powerstore/v2.11.1/upgrade-path.yaml new file mode 100644 index 000000000..fd1516286 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.11.1/upgrade-path.yaml @@ -0,0 +1,16 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +minUpgradePath: v2.9.0 diff --git a/tests/e2e/testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/storage_csm_powerstore.yaml index 2b1c0e7ad..06ee947c2 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore.yaml @@ -28,7 +28,7 @@ spec: # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" storageCapacity: false - configVersion: v2.11.0 + configVersion: v2.11.1 authSecret: powerstore-config # Controller count replicas: 1 diff --git a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml index 97773e759..e54191e89 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml @@ -28,7 +28,7 @@ spec: # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" storageCapacity: false - configVersion: v2.11.0 + configVersion: v2.11.1 authSecret: powerstore-config # Controller count replicas: 2 diff --git a/tests/shared/common.go b/tests/shared/common.go index 8cf11947a..570b9c752 100644 --- a/tests/shared/common.go +++ b/tests/shared/common.go @@ -35,7 +35,7 @@ const ( JumpDowngradeConfigVersion string = "v2.10.0" OldConfigVersion string = "v2.2.0" BadConfigVersion string = "v0" - PStoreConfigVersion string = "v2.11.0" + PStoreConfigVersion string = "v2.11.1" UnityConfigVersion string = "v2.11.0" PScaleConfigVersion string = "v2.11.0" PmaxConfigVersion string = "v2.11.0" From 6f68f5e066357fb5ac23f9323127b1dadef9ee11 Mon Sep 17 00:00:00 2001 From: Rishabh Raj Date: Tue, 24 Sep 2024 06:26:09 +0000 Subject: [PATCH 03/33] missing changes of patch 1.6.1 --- bundle/manifests/dell-csm-operator.clusterserviceversion.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 62b76790b..b359863f1 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -1460,7 +1460,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.6.0 + name: dell-csm-operator.v1.6.1 namespace: placeholder spec: apiservicedefinitions: {} From 2e9672b84b1df92f4c41491882ee4d9ae476b9a6 Mon Sep 17 00:00:00 2001 From: Rishabh Raj Date: Tue, 24 Sep 2024 06:35:20 +0000 Subject: [PATCH 04/33] added common changes of patch 1.6.1 --- operatorconfig/moduleconfig/common/version-values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index c7a7c5ff1..116127650 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml @@ -70,6 +70,8 @@ powerstore: resiliency: "v1.9.1" v2.11.0: resiliency: "v1.10.0" + v2.11.1: + resiliency: "v1.10.0" powermax: # List of Driver versions and modules that supports the version v2.9.0: From 0468765b14caa1de3b6cab8b0ade243fa68216c5 Mon Sep 17 00:00:00 2001 From: Rishabh Raj Date: Tue, 24 Sep 2024 08:00:24 +0000 Subject: [PATCH 05/33] added unity changes for patch 1.6.1 --- ...ll-csm-operator.clusterserviceversion.yaml | 8 +- config/manager/manager.yaml | 2 +- ...ll-csm-operator.clusterserviceversion.yaml | 2 +- config/samples/storage_v1_csm_unity.yaml | 4 +- deploy/operator.yaml | 2 +- .../unity/v2.11.1/controller.yaml | 261 ++++++++++++++++++ .../driverconfig/unity/v2.11.1/csidriver.yaml | 12 + .../unity/v2.11.1/driver-config-params.yaml | 13 + .../driverconfig/unity/v2.11.1/node.yaml | 193 +++++++++++++ .../unity/v2.11.1/upgrade-path.yaml | 1 + samples/storage_csm_unity_v2111.yaml | 168 +++++++++++ .../driverconfig/unity/v2.11.1/bad.yaml | 19 ++ .../driverconfig/unity/v2.11.1/config.json | 12 + .../unity/v2.11.1/controller.yaml | 259 +++++++++++++++++ .../driverconfig/unity/v2.11.1/csidriver.yaml | 12 + .../unity/v2.11.1/driver-config-params.yaml | 12 + .../driverconfig/unity/v2.11.1/node.yaml | 189 +++++++++++++ .../unity/v2.11.1/upgrade-path.yaml | 1 + tests/e2e/testfiles/storage_csm_unity.yaml | 2 +- tests/shared/common.go | 2 +- 20 files changed, 1163 insertions(+), 11 deletions(-) create mode 100644 operatorconfig/driverconfig/unity/v2.11.1/controller.yaml create mode 100644 operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml create mode 100644 operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml create mode 100644 operatorconfig/driverconfig/unity/v2.11.1/node.yaml create mode 100644 operatorconfig/driverconfig/unity/v2.11.1/upgrade-path.yaml create mode 100644 samples/storage_csm_unity_v2111.yaml create mode 100644 tests/config/driverconfig/unity/v2.11.1/bad.yaml create mode 100644 tests/config/driverconfig/unity/v2.11.1/config.json create mode 100644 tests/config/driverconfig/unity/v2.11.1/controller.yaml create mode 100644 tests/config/driverconfig/unity/v2.11.1/csidriver.yaml create mode 100644 tests/config/driverconfig/unity/v2.11.1/driver-config-params.yaml create mode 100644 tests/config/driverconfig/unity/v2.11.1/node.yaml create mode 100644 tests/config/driverconfig/unity/v2.11.1/upgrade-path.yaml diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index b359863f1..5705134ee 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -1011,10 +1011,10 @@ metadata: "value": "true" } ], - "image": "dellemc/csi-unity:v2.11.0", + "image": "dellemc/csi-unity:v2.11.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.11.0", + "configVersion": "v2.11.1", "controller": { "envs": [ { @@ -4616,7 +4616,7 @@ spec: - name: RELATED_IMAGE_csi-powerstore value: docker.io/dellemc/csi-powerstore:v2.11.1 - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.11.0 + value: docker.io/dellemc/csi-unity:v2.11.1 - name: RELATED_IMAGE_csi-vxflexos value: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: RELATED_IMAGE_sdc @@ -4730,7 +4730,7 @@ spec: name: csipowermax-reverseproxy - image: docker.io/dellemc/csi-powerstore:v2.11.1 name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.11.0 + - image: docker.io/dellemc/csi-unity:v2.11.1 name: csi-unity - image: docker.io/dellemc/csi-vxflexos:v2.11.0 name: csi-vxflexos diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index cb787ca9e..bdd7f9458 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -39,7 +39,7 @@ spec: name: RELATED_IMAGE_csipowermax-reverseproxy - value: docker.io/dellemc/csi-powerstore:v2.11.1 name: RELATED_IMAGE_csi-powerstore - - value: docker.io/dellemc/csi-unity:v2.11.0 + - value: docker.io/dellemc/csi-unity:v2.11.1 name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-vxflexos:v2.11.0 name: RELATED_IMAGE_csi-vxflexos diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index debbd59b2..989502a5f 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -2014,7 +2014,7 @@ spec: name: csipowermax-reverseproxy - image: docker.io/dellemc/csi-powerstore:v2.11.1 name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.11.0 + - image: docker.io/dellemc/csi-unity:v2.11.1 name: csi-unity - image: docker.io/dellemc/csi-vxflexos:v2.11.0 name: csi-vxflexos diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index 210dc1702..d17519397 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -16,14 +16,14 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.11.0 + configVersion: v2.11.1 # Controller count replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-unity:v2.11.0" + image: "dellemc/csi-unity:v2.11.1" imagePullPolicy: IfNotPresent envs: # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 6c4a83119..bb0828d49 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1349,7 +1349,7 @@ spec: - name: RELATED_IMAGE_csi-powerstore value: docker.io/dellemc/csi-powerstore:v2.11.1 - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.11.0 + value: docker.io/dellemc/csi-unity:v2.11.1 - name: RELATED_IMAGE_csi-vxflexos value: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: RELATED_IMAGE_sdc diff --git a/operatorconfig/driverconfig/unity/v2.11.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.11.1/controller.yaml new file mode 100644 index 000000000..7dc4afa46 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.11.1/controller.yaml @@ -0,0 +1,261 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "create", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + # below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + template: + metadata: + labels: + app: -controller + annotations: + kubectl.kubernetes.io/default-container: driver + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--timeout=180s" + - "--worker-threads=6" + - "--v=5" + - "--feature-gates=Topology=true" + - "--strict-topology=true" + - "--leader-election" + - "--leader-election-namespace=" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--snapshot-name-prefix=csi-snap" + - "--snapshot-name-uuid-length=10" + - "--timeout=360s" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-unity:v2.11.1 + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + volumes: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: socket-dir + emptyDir: + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml new file mode 100644 index 000000000..1ef295e21 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-unity.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml new file mode 100644 index 000000000..3a1c28626 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "info" + CSI_LOG_FORMAT: "JSON" + ALLOW_RWO_MULTIPOD_ACCESS: "false" + MAX_UNITY_VOLUMES_PER_NODE: 0 + SYNC_NODE_INFO_TIME_INTERVAL: 15 + TENANT_NAME: "" \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.11.1/node.yaml b/operatorconfig/driverconfig/unity/v2.11.1/node.yaml new file mode 100644 index 000000000..9aa609b4d --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.11.1/node.yaml @@ -0,0 +1,193 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + annotations: + kubectl.kubernetes.io/default-container: driver + spec: + serviceAccountName: -node + hostIPC: true + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-unity:v2.11.1 + imagePullPolicy: IfNotPresent + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/var/lib/kubelet/plugins/unity.emc.dell.com/disks" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + - name: X_CSI_UNITY_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + volumeMounts: + - name: driver-path + mountPath: /var/lib/kubelet/plugins/unity.emc.dell.com + - name: volumedevices-path + mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: noderoot + mountPath: /noderoot + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /var/lib/kubelet/plugins/unity.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.11.1/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.11.1/upgrade-path.yaml new file mode 100644 index 000000000..529a9668d --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.11.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.9.0 diff --git a/samples/storage_csm_unity_v2111.yaml b/samples/storage_csm_unity_v2111.yaml new file mode 100644 index 000000000..1ff3a30d8 --- /dev/null +++ b/samples/storage_csm_unity_v2111.yaml @@ -0,0 +1,168 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: unity + namespace: unity +spec: + driver: + csiDriverType: "unity" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.11.1 + # Controller count + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-unity:v2.11.1" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. + # Allowed values: boolean + # Default value: "false" + # Examples : "true" , "false" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + # X_CSI_ISCSI_CHROOT is the path to which the driver will chroot before + # running any iscsi commands. This value should only be set when instructed + # by technical support + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + # X_CSI_UNITY_SYNC_NODEINFO_INTERVAL - Time interval to add node info to array. Default 15 minutes. Minimum value should be 1. + # Allowed values: integer + # Default value: 15 + # Examples : 0 , 2 + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # CSI_LOG_LEVEL is used to set the logging level of the driver. + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "info" + - name: CSI_LOG_LEVEL + value: debug + # CSI driver log format + # Allowed values: "TEXT" or "JSON" + # Default value: "TEXT" + - name: CSI_LOG_FORMAT + value: "TEXT" + # TENANT_NAME - Tenant name that need to added while adding host entry to the array. + # Allowed values: string + # Default value: "" + # Examples : "tenant2" , "tenant3" + - name: TENANT_NAME + value: "" + # CERT_SECRET_COUNT: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (unity-cert-0..unity-cert-n) + # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false + # Allowed values: n, where n > 0 + # Default value: None + - name: CERT_SECRET_COUNT + value: "1" + # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. + # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate + # Allowed values: + # true: skip Unisphere API server's certificate verification + # false: verify Unisphere API server's certificates + # Default value: true + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.8.0 + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_ALLOWED_NETWORKS: Custom networks for Unity export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks (comma separated) + # Default value: "" + # Provide them in the following format: "net1, net2" + # CIDR format should be used + # eg: "192.168.1.0/24, 192.168.100.0/22" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: +# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint +# - key: "node-role.kubernetes.io/control-plane" +# operator: "Exists" +# effect: "NoSchedule" diff --git a/tests/config/driverconfig/unity/v2.11.1/bad.yaml b/tests/config/driverconfig/unity/v2.11.1/bad.yaml new file mode 100644 index 000000000..0e37cfa82 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.11.1/bad.yaml @@ -0,0 +1,19 @@ +# +# +# Copyright © 2024 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.11.1/config.json b/tests/config/driverconfig/unity/v2.11.1/config.json new file mode 100644 index 000000000..77550649a --- /dev/null +++ b/tests/config/driverconfig/unity/v2.11.1/config.json @@ -0,0 +1,12 @@ +[ + { + "arrayId": "AB1234567890" , + "username": "admin", + "password": "password", + "endpoint": "https://10.0.0.1/", + "skipCertificateValidation": true, + "isDefault": true + } +] + + diff --git a/tests/config/driverconfig/unity/v2.11.1/controller.yaml b/tests/config/driverconfig/unity/v2.11.1/controller.yaml new file mode 100644 index 000000000..c6d0f57a9 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.11.1/controller.yaml @@ -0,0 +1,259 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "create", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update","patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + template: + metadata: + labels: + app: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--timeout=180s" + - "--worker-threads=6" + - "--v=5" + - "--feature-gates=Topology=true" + - "--strict-topology=true" + - "--leader-election" + - "--leader-election-namespace=" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--snapshot-name-prefix=csi-snap" + - "--snapshot-name-uuid-length=10" + - "--timeout=360s" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-unity:v2.11.1 + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + volumes: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: socket-dir + emptyDir: + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml new file mode 100644 index 000000000..1ef295e21 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-unity.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.11.1/driver-config-params.yaml b/tests/config/driverconfig/unity/v2.11.1/driver-config-params.yaml new file mode 100644 index 000000000..c49210aab --- /dev/null +++ b/tests/config/driverconfig/unity/v2.11.1/driver-config-params.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "info" + ALLOW_RWO_MULTIPOD_ACCESS: "false" + MAX_UNITY_VOLUMES_PER_NODE: 0 + SYNC_NODE_INFO_TIME_INTERVAL: 15 + TENANT_NAME: "" diff --git a/tests/config/driverconfig/unity/v2.11.1/node.yaml b/tests/config/driverconfig/unity/v2.11.1/node.yaml new file mode 100644 index 000000000..bccf645f9 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.11.1/node.yaml @@ -0,0 +1,189 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccountName: -node + hostIPC: true + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-unity:nightly + imagePullPolicy: IfNotPresent + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/var/lib/kubelet/plugins/unity.emc.dell.com/disks" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + - name: X_CSI_UNITY_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: driver-path + mountPath: /var/lib/kubelet/plugins/unity.emc.dell.com + - name: volumedevices-path + mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: noderoot + mountPath: /noderoot + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /var/lib/kubelet/plugins/unity.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.1/upgrade-path.yaml b/tests/config/driverconfig/unity/v2.11.1/upgrade-path.yaml new file mode 100644 index 000000000..529a9668d --- /dev/null +++ b/tests/config/driverconfig/unity/v2.11.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.9.0 diff --git a/tests/e2e/testfiles/storage_csm_unity.yaml b/tests/e2e/testfiles/storage_csm_unity.yaml index 1312230ca..8dbca8642 100644 --- a/tests/e2e/testfiles/storage_csm_unity.yaml +++ b/tests/e2e/testfiles/storage_csm_unity.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.11.0 + configVersion: v2.11.1 # Controller count replicas: 2 dnsPolicy: ClusterFirstWithHostNet diff --git a/tests/shared/common.go b/tests/shared/common.go index 570b9c752..1eb44439f 100644 --- a/tests/shared/common.go +++ b/tests/shared/common.go @@ -36,7 +36,7 @@ const ( OldConfigVersion string = "v2.2.0" BadConfigVersion string = "v0" PStoreConfigVersion string = "v2.11.1" - UnityConfigVersion string = "v2.11.0" + UnityConfigVersion string = "v2.11.1" PScaleConfigVersion string = "v2.11.0" PmaxConfigVersion string = "v2.11.0" AuthServerConfigVersion string = "v1.11.0" From 57fe3e59568918b48cb3ce41ddea3bf8d7c5682d Mon Sep 17 00:00:00 2001 From: Rishabh Raj Date: Tue, 24 Sep 2024 09:25:53 +0000 Subject: [PATCH 06/33] added pfx changes for patch 1.6.1 --- .../1.6.1/storage_csm_powerflex_v2110.yaml | 406 ++++++++++++++++++ .../1.6.1/storage_csm_powerstore_v2111.yaml | 216 ++++++++++ .../ocp/1.6.1/storage_csm_unity_v2111.yaml | 168 ++++++++ 3 files changed, 790 insertions(+) create mode 100644 samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml create mode 100644 samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml create mode 100644 samples/ocp/1.6.1/storage_csm_unity_v2111.yaml diff --git a/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml b/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml new file mode 100644 index 000000000..6891adc32 --- /dev/null +++ b/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml @@ -0,0 +1,406 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.11.0 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "registry.connect.redhat.com/dell-emc/csi-vxflexos@sha256:a4e96d11be8920f01b273748a8cf8cfc60515403640f77f101a13f7d79056e23" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + sideCars: + # 'k8s' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:405a14e1aa702f7ea133cea459e8395fe40a6125c088c55569e696d48e1bd385 + args: ["--volume-name-prefix=k8s"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:b4d611100ece2f9bc980d1cb19c2285b8868da261e3b1ee8f45448ab5512ab94 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:f25af73ee708ff9c82595ae99493cdef9295bd96953366cddf36305f82555dac + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:a541e6cc2d8b011bb21b1d4ffec6b090e85270cce6276ee302d86153eec0af43 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:2e04046334baf9be425bb0fa1d04c2d1720d770825eedbdbcdb10d430da4ad8c + - name: csi-metadata-retriever + image: registry.connect.redhat.com/dell-emc/csi-metadata-retriever@sha256:abf97fc03ff59147ef0cd9ec3e58fcd5ef499aa9c13da53a8b99731884cb87d9 + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: docker.io/dellemc/sdc@sha256:84d21e0bf603c1af86d937faa8950faa9d5aa53e9fb37af16cf77e9632004e33 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:7ecd3509367bcc2db5d599cdff9f3afb6f13e7b664a10785dec2459c7ee50a9c + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: None + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + # "controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval + # false: disable SDC approval + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + # X_CSI_RENAME_SDC_PREFIX: defines a string for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + initContainers: + - image: docker.io/dellemc/sdc@sha256:84d21e0bf603c1af86d937faa8950faa9d5aa53e9fb37af16cf77e9632004e33 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. + # Do not change the configVersion to v2.0.0-alpha + configVersion: v1.11.0 + components: + - name: karavi-authorization-proxy + # Use image: dellemc/csm-authorization-sidecar:v2.0.0-alpha for PowerFlex Tech-Preview v2.0.0-alpha + image: registry.connect.redhat.com/dell-emc/csm-authorization-sidecar@sha256:5d3f43f2c1bb0704ddf4b9d8f9218cc2d77cabcd73ec9e7076f4865809d2fc5d + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + configVersion: v1.9.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: false + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/csm-topology@sha256:25eb850d37bdd78fa62f39c17d8208a4f21539ff7396dc7b672bf6945bba388d + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: docker.io/otel/opentelemetry-collector@sha256:cecb0904bcc2a90c823c2c044e7034934ab6c98b5ec52c337c0f6c6e57cd3cf1 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + enabled: false + # image: Defines PowerFlex metrics image. This shouldn't be changed + image: registry.connect.redhat.com/dell-emc/csm-metrics-powerflex@sha256:03d145edb80b8633168af7c7236bde6887cd9f28b6c765fce427f245599feef6 + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + # Replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.9.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: registry.connect.redhat.com/dell-emc/dell-csi-replicator@sha256:d378bd9538dd73fca6f6837df6f01570f16e4d30aa6704588ecda4e39ce12668 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: registry.connect.redhat.com/dell-emc/dell-replication-controller@sha256:d06408eb29f2da630bf46452f25cec022758d414ea7122618d7f1374e224b443 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.10.0 + components: + - name: podmon-controller + image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-vxflexos" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 3 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + - name: podmon-node + image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-vxflexos" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + # Below 3 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" \ No newline at end of file diff --git a/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml b/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml new file mode 100644 index 000000000..26c16776d --- /dev/null +++ b/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml @@ -0,0 +1,216 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powerstore + namespace: powerstore +spec: + driver: + csiDriverType: "powerstore" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.11.1 + # authSecret: This is the secret used to validate the default PowerStore secret used for installation + # Allowed values: -config + # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config + authSecret: powerstore-config + # Controller count + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "registry.connect.redhat.com/dell-emc/csi-powerstore@sha256:df2c274f6be40a35ee6e1355ee58b8bf4e0e2f9351db45c19f94c1e8282f6533" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: "csi-node" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: "/etc/fc-ports-filter" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + - name: CSI_LOG_LEVEL + value: debug + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:405a14e1aa702f7ea133cea459e8395fe40a6125c088c55569e696d48e1bd385 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:b4d611100ece2f9bc980d1cb19c2285b8868da261e3b1ee8f45448ab5512ab94 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:f25af73ee708ff9c82595ae99493cdef9295bd96953366cddf36305f82555dac + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:a541e6cc2d8b011bb21b1d4ffec6b090e85270cce6276ee302d86153eec0af43 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:2e04046334baf9be425bb0fa1d04c2d1720d770825eedbdbcdb10d430da4ad8c + - name: csi-metadata-retriever + image: registry.connect.redhat.com/dell-emc/csi-metadata-retriever@sha256:abf97fc03ff59147ef0cd9ec3e58fcd5ef499aa9c13da53a8b99731884cb87d9 + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:7ecd3509367bcc2db5d599cdff9f3afb6f13e7b664a10785dec2459c7ee50a9c + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + # nodeSelector: Define node selection constraints for controller pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # Set to "true" to enable ISCSI CHAP Authentication + # CHAP password will be autogenerated by driver + - name: "X_CSI_POWERSTORE_ENABLE_CHAP" + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE: Defines the maximum PowerStore volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: "0" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + modules: + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.10.0 + components: + - name: podmon-controller + image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" + - name: podmon-node + image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" \ No newline at end of file diff --git a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml new file mode 100644 index 000000000..a7b08c4a2 --- /dev/null +++ b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml @@ -0,0 +1,168 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: unity + namespace: unity +spec: + driver: + csiDriverType: "unity" + csiDriverSpec: + # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.11.1 + # Controller count + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "registry.connect.redhat.com/dell-emc/csi-unity@" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. + # Allowed values: boolean + # Default value: "false" + # Examples : "true" , "false" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + # X_CSI_ISCSI_CHROOT is the path to which the driver will chroot before + # running any iscsi commands. This value should only be set when instructed + # by technical support + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + # X_CSI_UNITY_SYNC_NODEINFO_INTERVAL - Time interval to add node info to array. Default 15 minutes. Minimum value should be 1. + # Allowed values: integer + # Default value: 15 + # Examples : 0 , 2 + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # CSI_LOG_LEVEL is used to set the logging level of the driver. + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "info" + - name: CSI_LOG_LEVEL + value: debug + # CSI driver log format + # Allowed values: "TEXT" or "JSON" + # Default value: "TEXT" + - name: CSI_LOG_FORMAT + value: "TEXT" + # TENANT_NAME - Tenant name that need to added while adding host entry to the array. + # Allowed values: string + # Default value: "" + # Examples : "tenant2" , "tenant3" + - name: TENANT_NAME + value: "" + # CERT_SECRET_COUNT: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (unity-cert-0..unity-cert-n) + # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false + # Allowed values: n, where n > 0 + # Default value: None + - name: CERT_SECRET_COUNT + value: "1" + # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. + # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate + # Allowed values: + # true: skip Unisphere API server's certificate verification + # false: verify Unisphere API server's certificates + # Default value: true + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner@sha256:405a14e1aa702f7ea133cea459e8395fe40a6125c088c55569e696d48e1bd385 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher@sha256:b4d611100ece2f9bc980d1cb19c2285b8868da261e3b1ee8f45448ab5512ab94 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:f25af73ee708ff9c82595ae99493cdef9295bd96953366cddf36305f82555dac + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer@sha256:a541e6cc2d8b011bb21b1d4ffec6b090e85270cce6276ee302d86153eec0af43 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:2e04046334baf9be425bb0fa1d04c2d1720d770825eedbdbcdb10d430da4ad8c + - name: csi-metadata-retriever + image: registry.connect.redhat.com/dell-emc/csi-metadata-retriever@sha256:abf97fc03ff59147ef0cd9ec3e58fcd5ef499aa9c13da53a8b99731884cb87d9 + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:7ecd3509367bcc2db5d599cdff9f3afb6f13e7b664a10785dec2459c7ee50a9c + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_ALLOWED_NETWORKS: Custom networks for Unity export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks (comma separated) + # Default value: "" + # Provide them in the following format: "net1, net2" + # CIDR format should be used + # eg: "192.168.1.0/24, 192.168.100.0/22" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" \ No newline at end of file From aece62cc3c20e2ccfb410230f6e21ede0c3d5123 Mon Sep 17 00:00:00 2001 From: Rishabh Raj <120644626+rishabhatdell@users.noreply.github.com> Date: Tue, 24 Sep 2024 16:54:34 +0530 Subject: [PATCH 07/33] fix gosec issues --- pkg/modules/authorization.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/modules/authorization.go b/pkg/modules/authorization.go index 3b389809a..44764f8b3 100644 --- a/pkg/modules/authorization.go +++ b/pkg/modules/authorization.go @@ -756,7 +756,8 @@ func authorizationStorageServiceV2(ctx context.Context, isDeleting bool, cr csmv continue } } - + // conversion to int32 is safe for a value up to 2147483647 + // #nosec G115 deployment := getStorageServiceScaffold(cr.Name, cr.Namespace, image, int32(replicas)) // set vault volumes From 8f88b95d393ed8197ecc6a8dcdb3126d1fe04cd9 Mon Sep 17 00:00:00 2001 From: Surya Date: Tue, 24 Sep 2024 11:48:54 +0000 Subject: [PATCH 08/33] formatting fixes --- pkg/modules/authorization.go | 2 +- tests/e2e/e2e_test.go | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/pkg/modules/authorization.go b/pkg/modules/authorization.go index 44764f8b3..2a3b0e101 100644 --- a/pkg/modules/authorization.go +++ b/pkg/modules/authorization.go @@ -756,7 +756,7 @@ func authorizationStorageServiceV2(ctx context.Context, isDeleting bool, cr csmv continue } } - // conversion to int32 is safe for a value up to 2147483647 + // conversion to int32 is safe for a value up to 2147483647 // #nosec G115 deployment := getStorageServiceScaffold(cr.Name, cr.Namespace, image, int32(replicas)) diff --git a/tests/e2e/e2e_test.go b/tests/e2e/e2e_test.go index de8364078..555d12ab7 100644 --- a/tests/e2e/e2e_test.go +++ b/tests/e2e/e2e_test.go @@ -131,11 +131,9 @@ var _ = BeforeSuite(func() { step.StepRunnerInit(stepRunner, ctrlClient, clientSet) beautify = " " - }) var _ = Describe("[run-e2e-test] E2E Testing", func() { - It("Running all test Given Test Scenarios", func() { if testApex { for _, test := range testResourcesApex { @@ -155,7 +153,6 @@ var _ = Describe("[run-e2e-test] E2E Testing", func() { By(fmt.Sprintf("Ending: %s\n", test.ScenarioApex.Scenario)) time.Sleep(5 * time.Second) } - } if testCsm { for _, test := range testResources { From d919c7065890b54e07e438c773910ed88cbd6c02 Mon Sep 17 00:00:00 2001 From: Surya Date: Tue, 24 Sep 2024 12:16:24 +0000 Subject: [PATCH 09/33] yamllint fixes --- .github/workflows/actions.yml | 12 +- ...er-manager-metrics-service_v1_service.yaml | 8 +- ...ole_rbac.authorization.k8s.io_v1_role.yaml | 62 +- ...c.authorization.k8s.io_v1_rolebinding.yaml | 6 +- ...c.authorization.k8s.io_v1_clusterrole.yaml | 8 +- ...c.authorization.k8s.io_v1_clusterrole.yaml | 24 +- ...rization.k8s.io_v1_clusterrolebinding.yaml | 6 +- ...ll-csm-operator.clusterserviceversion.yaml | 6696 +++++++++-------- ...rage.dell.com_apexconnectivityclients.yaml | 1445 ++-- ...rage.dell.com_containerstoragemodules.yaml | 3620 +++++---- bundle/tests/scorecard/config.yaml | 124 +- ...rage.dell.com_apexconnectivityclients.yaml | 1901 ++--- ...rage.dell.com_containerstoragemodules.yaml | 3620 +++++---- config/crd/kustomization.yaml | 6 +- config/crd/kustomizeconfig.yaml | 24 +- config/crd/patches/webhook_in_csms.yaml | 2 +- config/default/kustomization.yaml | 16 +- config/default/manager_auth_proxy_patch.yaml | 32 +- config/default/manager_config_patch.yaml | 20 +- config/install/kustomization.yaml | 6 +- config/manager/kustomization.yaml | 14 +- config/manager/manager.yaml | 166 +- ...ll-csm-operator.clusterserviceversion.yaml | 4190 ++++++----- config/manifests/kustomization.yaml | 9 +- config/prometheus/kustomization.yaml | 2 +- config/prometheus/monitor.yaml | 1 - .../application_mobility_clusterrole.yaml | 12 +- .../application_mobility_role_binding.yaml | 6 +- .../rbac/auth_proxy_client_clusterrole.yaml | 8 +- config/rbac/auth_proxy_role.yaml | 24 +- config/rbac/auth_proxy_role_binding.yaml | 6 +- config/rbac/auth_proxy_service.yaml | 8 +- config/rbac/csm_editor_role.yaml | 36 +- config/rbac/csm_viewer_role.yaml | 28 +- config/rbac/kustomization.yaml | 36 +- config/rbac/leader_election_role.yaml | 62 +- config/rbac/leader_election_role_binding.yaml | 6 +- config/rbac/role.yaml | 2270 +++--- config/rbac/role_binding.yaml | 6 +- config/samples/kustomization.yaml | 2 +- config/samples/storage_v1_csm_powerstore.yaml | 2 +- config/samples/storage_v1_csm_unity.yaml | 6 +- config/scorecard/bases/config.yaml | 4 +- config/scorecard/kustomization.yaml | 26 +- config/scorecard/patches/basic.config.yaml | 4 +- config/scorecard/patches/olm.config.yaml | 20 +- config/serviceaccount/kustomization.yaml | 2 +- deploy/crds/storage.dell.com.crds.all.yaml | 4050 +++++----- deploy/operator.yaml | 2574 +++---- .../v1.0.0/brownfield-onboard.yaml | 2 +- .../v1.0.0/statefulset.yaml | 8 +- .../v1.0.0/upgrade-path.yaml | 2 +- .../v1.1.0/brownfield-onboard.yaml | 2 +- .../v1.1.0/statefulset.yaml | 8 +- .../powerflex/v2.10.0/controller.yaml | 24 +- .../powerflex/v2.10.0/csidriver.yaml | 14 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.0/node.yaml | 8 +- .../powerflex/v2.10.1/controller.yaml | 24 +- .../powerflex/v2.10.1/csidriver.yaml | 14 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.1/node.yaml | 8 +- .../powerflex/v2.11.0/csidriver.yaml | 14 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../powerflex/v2.9.0/controller.yaml | 24 +- .../powerflex/v2.9.0/csidriver.yaml | 14 +- .../v2.9.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.9.0/node.yaml | 8 +- .../powerflex/v2.9.1/controller.yaml | 24 +- .../powerflex/v2.9.1/csidriver.yaml | 14 +- .../driverconfig/powerflex/v2.9.1/node.yaml | 8 +- .../powerflex/v2.9.2/controller.yaml | 24 +- .../powerflex/v2.9.2/csidriver.yaml | 14 +- .../v2.9.2/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.9.2/node.yaml | 8 +- .../powermax/v2.10.0/controller.yaml | 24 +- .../powermax/v2.10.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.0/node.yaml | 14 +- .../powermax/v2.10.1/controller.yaml | 24 +- .../powermax/v2.10.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.1/node.yaml | 14 +- .../powermax/v2.11.0/csidriver.yaml | 14 +- .../powermax/v2.9.0/controller.yaml | 24 +- .../powermax/v2.9.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.9.0/node.yaml | 14 +- .../powermax/v2.9.1/controller.yaml | 24 +- .../powermax/v2.9.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.9.1/node.yaml | 14 +- .../powerscale/v2.10.0/controller.yaml | 24 +- .../powerscale/v2.10.0/csidriver.yaml | 12 +- .../v2.10.0/driver-config-params.yaml | 1 - .../driverconfig/powerscale/v2.10.0/node.yaml | 10 +- .../powerscale/v2.10.1/controller.yaml | 24 +- .../powerscale/v2.10.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.10.1/node.yaml | 10 +- .../powerscale/v2.11.0/controller.yaml | 2 +- .../powerscale/v2.11.0/csidriver.yaml | 12 +- .../v2.11.0/driver-config-params.yaml | 1 - .../powerscale/v2.9.0/controller.yaml | 24 +- .../powerscale/v2.9.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.0/node.yaml | 10 +- .../powerscale/v2.9.1/controller.yaml | 24 +- .../powerscale/v2.9.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.1/node.yaml | 10 +- .../powerstore/v2.10.0/controller.yaml | 21 +- .../powerstore/v2.10.0/csidriver.yaml | 2 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.0/node.yaml | 4 +- .../powerstore/v2.10.1/controller.yaml | 21 +- .../powerstore/v2.10.1/csidriver.yaml | 2 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.1/node.yaml | 4 +- .../powerstore/v2.11.0/controller.yaml | 3 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../powerstore/v2.11.1/controller.yaml | 3 +- .../v2.11.1/driver-config-params.yaml | 2 +- .../powerstore/v2.9.0/controller.yaml | 21 +- .../powerstore/v2.9.0/csidriver.yaml | 2 +- .../v2.9.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.9.0/node.yaml | 4 +- .../powerstore/v2.9.0/upgrade-path.yaml | 2 +- .../powerstore/v2.9.1/controller.yaml | 21 +- .../powerstore/v2.9.1/csidriver.yaml | 2 +- .../v2.9.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.9.1/node.yaml | 4 +- .../unity/v2.10.0/controller.yaml | 26 +- .../driverconfig/unity/v2.10.0/csidriver.yaml | 16 +- .../unity/v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/unity/v2.10.0/node.yaml | 6 +- .../unity/v2.10.1/controller.yaml | 26 +- .../driverconfig/unity/v2.10.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.10.1/node.yaml | 6 +- .../driverconfig/unity/v2.11.0/csidriver.yaml | 16 +- .../unity/v2.11.0/driver-config-params.yaml | 2 +- .../driverconfig/unity/v2.11.1/csidriver.yaml | 16 +- .../unity/v2.11.1/driver-config-params.yaml | 2 +- .../driverconfig/unity/v2.9.0/controller.yaml | 26 +- .../driverconfig/unity/v2.9.0/csidriver.yaml | 16 +- .../driverconfig/unity/v2.9.0/node.yaml | 6 +- .../unity/v2.9.0/upgrade-path.yaml | 2 +- .../driverconfig/unity/v2.9.1/controller.yaml | 26 +- .../driverconfig/unity/v2.9.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.9.1/node.yaml | 6 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.0/app-mobility-crds.yaml | 1245 +-- .../v1.0.0/app-mobility-webhook-service.yaml | 136 +- .../v1.0.0/certificate.yaml | 6 +- .../v1.0.0/velero-backupstoragelocation.yaml | 8 +- .../v1.0.0/velero-crds.yaml | 4893 ++++++------ .../v1.0.0/velero-deployment.yaml | 22 +- .../v1.0.0/velero-secret.yaml | 2 +- .../v1.0.0/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.1/app-mobility-crds.yaml | 1245 +-- .../v1.0.1/app-mobility-webhook-service.yaml | 136 +- .../v1.0.1/certificate.yaml | 6 +- .../v1.0.1/velero-backupstoragelocation.yaml | 8 +- .../v1.0.1/velero-crds.yaml | 4893 ++++++------ .../v1.0.1/velero-deployment.yaml | 22 +- .../v1.0.1/velero-secret.yaml | 2 +- .../v1.0.1/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.2/app-mobility-crds.yaml | 1245 +-- .../v1.0.2/app-mobility-webhook-service.yaml | 136 +- .../v1.0.2/certificate.yaml | 6 +- .../v1.0.2/velero-backupstoragelocation.yaml | 8 +- .../v1.0.2/velero-crds.yaml | 4893 ++++++------ .../v1.0.2/velero-deployment.yaml | 22 +- .../v1.0.2/velero-secret.yaml | 2 +- .../v1.0.2/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.3/app-mobility-crds.yaml | 1245 +-- .../v1.0.3/app-mobility-webhook-service.yaml | 136 +- .../v1.0.3/certificate.yaml | 6 +- .../v1.0.3/velero-backupstoragelocation.yaml | 8 +- .../v1.0.3/velero-crds.yaml | 4893 ++++++------ .../v1.0.3/velero-deployment.yaml | 22 +- .../v1.0.3/velero-secret.yaml | 2 +- .../v1.0.3/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 16 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.1.0/app-mobility-crds.yaml | 1245 +-- .../v1.1.0/app-mobility-webhook-service.yaml | 86 +- .../v1.1.0/certificate.yaml | 6 +- .../v1.1.0/velero-backupstoragelocation.yaml | 8 +- .../v1.1.0/velero-crds.yaml | 5983 ++++++++------- .../v1.1.0/velero-deployment.yaml | 22 +- .../v1.1.0/velero-secret.yaml | 2 +- .../v1.1.0/velero-volumesnapshotlocation.yaml | 4 +- .../authorization/v1.10.0/cert-manager.yaml | 170 +- .../authorization/v1.10.0/deployment.yaml | 284 +- .../v1.10.0/local-provisioner.yaml | 4 +- .../v1.10.0/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.10.1/cert-manager.yaml | 170 +- .../authorization/v1.10.1/deployment.yaml | 284 +- .../v1.10.1/local-provisioner.yaml | 4 +- .../v1.10.1/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.11.0/cert-manager.yaml | 170 +- .../authorization/v1.11.0/deployment.yaml | 284 +- .../v1.11.0/local-provisioner.yaml | 4 +- .../v1.11.0/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.9.0/cert-manager.yaml | 170 +- .../authorization/v1.9.0/deployment.yaml | 286 +- .../v1.9.0/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.9.1/cert-manager.yaml | 170 +- .../authorization/v1.9.1/deployment.yaml | 286 +- .../v1.9.1/nginx-ingress-controller.yaml | 689 +- .../v2.0.0-alpha/authorization-crds.yaml | 738 +- .../v2.0.0-alpha/cert-manager.yaml | 170 +- .../v2.0.0-alpha/deployment.yaml | 640 +- .../v2.0.0-alpha/local-provisioner.yaml | 2 +- .../nginx-ingress-controller.yaml | 688 +- .../moduleconfig/common/cert-manager.yaml | 187 +- .../common/cert-manager/cert-manager.yaml | 413 +- .../moduleconfig/common/version-values.yaml | 100 +- .../csireverseproxy/v2.8.1/container.yaml | 2 +- .../observability/v1.7.0/custom-cert.yaml | 8 +- .../v1.7.0/karavi-metrics-powerflex.yaml | 7 +- .../v1.7.0/karavi-metrics-powermax.yaml | 9 +- .../v1.7.0/karavi-metrics-powerscale.yaml | 9 +- .../v1.7.0/karavi-otel-collector.yaml | 13 +- .../observability/v1.7.0/karavi-topology.yaml | 5 - .../observability/v1.7.0/selfsigned-cert.yaml | 7 +- .../observability/v1.8.0/custom-cert.yaml | 8 +- .../v1.8.0/karavi-metrics-powerflex.yaml | 7 +- .../v1.8.0/karavi-metrics-powermax.yaml | 9 +- .../v1.8.0/karavi-metrics-powerscale.yaml | 9 +- .../v1.8.0/karavi-otel-collector.yaml | 13 +- .../observability/v1.8.0/karavi-topology.yaml | 5 - .../observability/v1.8.0/selfsigned-cert.yaml | 7 +- .../observability/v1.8.1/custom-cert.yaml | 8 +- .../v1.8.1/karavi-metrics-powerflex.yaml | 7 +- .../v1.8.1/karavi-metrics-powermax.yaml | 9 +- .../v1.8.1/karavi-metrics-powerscale.yaml | 9 +- .../v1.8.1/karavi-otel-collector.yaml | 13 +- .../observability/v1.8.1/karavi-topology.yaml | 5 - .../observability/v1.8.1/selfsigned-cert.yaml | 7 +- .../observability/v1.9.0/custom-cert.yaml | 8 +- .../v1.9.0/karavi-metrics-powerflex.yaml | 7 +- .../v1.9.0/karavi-metrics-powermax.yaml | 9 +- .../v1.9.0/karavi-metrics-powerscale.yaml | 9 +- .../v1.9.0/karavi-otel-collector.yaml | 13 +- .../observability/v1.9.0/karavi-topology.yaml | 5 - .../observability/v1.9.0/selfsigned-cert.yaml | 7 +- .../replication/v1.7.0/controller.yaml | 398 +- .../v1.7.0/replicationcrds.all.yaml | 411 +- .../replication/v1.7.0/rules.yaml | 18 +- .../replication/v1.7.1/controller.yaml | 398 +- .../v1.7.1/replicationcrds.all.yaml | 411 +- .../replication/v1.7.1/rules.yaml | 18 +- .../replication/v1.8.0/controller.yaml | 398 +- .../v1.8.0/replicationcrds.all.yaml | 411 +- .../replication/v1.8.0/rules.yaml | 18 +- .../replication/v1.8.1/controller.yaml | 398 +- .../v1.8.1/replicationcrds.all.yaml | 411 +- .../replication/v1.8.1/rules.yaml | 18 +- .../replication/v1.9.0/controller.yaml | 398 +- .../v1.9.0/replicationcrds.all.yaml | 411 +- .../replication/v1.9.0/rules.yaml | 18 +- .../container-powerflex-controller.yaml | 2 +- .../v1.10.0/container-powerflex-node.yaml | 2 +- .../v1.10.0/container-powermax-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.10.0/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.10.0/container-powerstore-node.yaml | 2 +- .../resiliency/v1.10.0/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.8.0/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.8.0/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.8.0/container-powerstore-node.yaml | 2 +- .../resiliency/v1.8.0/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.8.1/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.8.1/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.8.1/container-powerstore-node.yaml | 2 +- .../resiliency/v1.8.1/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.9.0/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.9.0/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.9.0/container-powerstore-node.yaml | 2 +- .../resiliency/v1.9.0/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.9.1/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.9.1/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.9.1/container-powerstore-node.yaml | 2 +- .../resiliency/v1.9.1/node-roles.yaml | 2 +- ...ty-controller-manager-metrics-service.yaml | 4 +- .../app-mobility-controller-manager.yaml | 4 +- .../v1.1.0/app-mobility-webhook-service.yaml | 4 +- .../testdata/cr_application_mobility.yaml | 4 +- ...cr_application_mobility_custom_region.yaml | 4 +- .../testdata/cr_powerflex_observability.yaml | 4 +- ...r_powerflex_observability_custom_cert.yaml | 4 +- ...observability_custom_cert_missing_key.yaml | 4 +- .../testdata/cr_powermax_resiliency.yaml | 1 - .../csm-authorization_csmtenant.yaml | 2 +- .../csm_authorization_proxy_server_v190.yaml | 108 +- .../csm_authorization_proxy_server_v191.yaml | 108 +- ...authorization_proxy_server_v200-alpha.yaml | 3 +- samples/csireverseproxy/config.yaml | 4 +- .../1.6.1/storage_csm_powerflex_v2110.yaml | 6 +- .../1.6.1/storage_csm_powerstore_v2111.yaml | 2 +- .../ocp/1.6.1/storage_csm_unity_v2111.yaml | 2 +- samples/storage_csm_powerflex_v2101.yaml | 123 +- samples/storage_csm_powermax_v2101.yaml | 146 +- samples/storage_csm_powermax_v291.yaml | 146 +- samples/storage_csm_powerscale_v2101.yaml | 272 +- samples/storage_csm_powerscale_v291.yaml | 272 +- .../apexconnectivityclient/v1.0.0/bad.yaml | 4 +- .../v1.0.0/statefulset.yaml | 12 +- .../apexconnectivityclient/v1.1.0/bad.yaml | 4 +- .../v1.1.0/statefulset.yaml | 12 +- .../clientconfig/badclient/badClient/bad.yaml | 4 +- .../clientconfig/badclient/statefulset.yaml | 4 +- .../badclient/v1.0.0/statefulset.yaml | 4 +- .../badclient/v1.1.0/statefulset.yaml | 4 +- .../driverconfig/badDriver/v2.10.0/bad.yaml | 4 +- .../badDriver/v2.10.0/controller.yaml | 4 +- .../badDriver/v2.10.0/csidriver.yaml | 4 +- .../v2.10.0/driver-config-params.yaml | 5 +- .../badDriver/v2.10.0/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.10.1/bad.yaml | 4 +- .../badDriver/v2.10.1/controller.yaml | 4 +- .../badDriver/v2.10.1/csidriver.yaml | 4 +- .../v2.10.1/driver-config-params.yaml | 5 +- .../badDriver/v2.10.1/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.11.0/bad.yaml | 4 +- .../badDriver/v2.11.0/controller.yaml | 4 +- .../badDriver/v2.11.0/csidriver.yaml | 4 +- .../v2.11.0/driver-config-params.yaml | 5 +- .../badDriver/v2.11.0/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.11.1/bad.yaml | 4 +- .../badDriver/v2.11.1/controller.yaml | 4 +- .../badDriver/v2.11.1/csidriver.yaml | 4 +- .../v2.11.1/driver-config-params.yaml | 5 +- .../badDriver/v2.11.1/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.9.0/bad.yaml | 4 +- .../badDriver/v2.9.0/controller.yaml | 4 +- .../badDriver/v2.9.0/csidriver.yaml | 4 +- .../v2.9.0/driver-config-params.yaml | 5 +- .../badDriver/v2.9.0/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.9.1/bad.yaml | 4 +- .../badDriver/v2.9.1/controller.yaml | 4 +- .../badDriver/v2.9.1/csidriver.yaml | 4 +- .../v2.9.1/driver-config-params.yaml | 5 +- .../badDriver/v2.9.1/upgrade-path.yaml | 4 +- .../driverconfig/powerflex/v2.10.0/bad.yaml | 4 +- .../powerflex/v2.10.0/controller.yaml | 24 +- .../powerflex/v2.10.0/csidriver.yaml | 14 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.0/node.yaml | 8 +- .../driverconfig/powerflex/v2.10.1/bad.yaml | 4 +- .../powerflex/v2.10.1/controller.yaml | 24 +- .../powerflex/v2.10.1/csidriver.yaml | 14 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.1/node.yaml | 8 +- .../driverconfig/powerflex/v2.11.0/bad.yaml | 4 +- .../powerflex/v2.11.0/controller.yaml | 24 +- .../powerflex/v2.11.0/csidriver.yaml | 14 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.11.0/node.yaml | 8 +- .../driverconfig/powerflex/v2.9.1/bad.yaml | 4 +- .../powerflex/v2.9.1/controller.yaml | 24 +- .../powerflex/v2.9.1/csidriver.yaml | 14 +- .../v2.9.1/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.9.1/node.yaml | 8 +- .../driverconfig/powermax/v2.10.0/bad.yaml | 4 +- .../powermax/v2.10.0/controller.yaml | 26 +- .../powermax/v2.10.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.0/node.yaml | 8 +- .../driverconfig/powermax/v2.10.1/bad.yaml | 4 +- .../powermax/v2.10.1/controller.yaml | 26 +- .../powermax/v2.10.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.1/node.yaml | 8 +- .../driverconfig/powermax/v2.11.0/bad.yaml | 4 +- .../powermax/v2.11.0/controller.yaml | 26 +- .../powermax/v2.11.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.11.0/node.yaml | 8 +- .../driverconfig/powermax/v2.9.1/bad.yaml | 4 +- .../powermax/v2.9.1/controller.yaml | 26 +- .../powermax/v2.9.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.9.1/node.yaml | 8 +- .../driverconfig/powerscale/v2.10.0/bad.yaml | 4 +- .../powerscale/v2.10.0/controller.yaml | 22 +- .../powerscale/v2.10.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.10.0/node.yaml | 10 +- .../driverconfig/powerscale/v2.10.1/bad.yaml | 4 +- .../powerscale/v2.10.1/controller.yaml | 22 +- .../powerscale/v2.10.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.10.1/node.yaml | 10 +- .../driverconfig/powerscale/v2.11.0/bad.yaml | 4 +- .../powerscale/v2.11.0/controller.yaml | 22 +- .../powerscale/v2.11.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.11.0/node.yaml | 10 +- .../driverconfig/powerscale/v2.9.0/bad.yaml | 4 +- .../powerscale/v2.9.0/controller.yaml | 22 +- .../powerscale/v2.9.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.0/node.yaml | 10 +- .../driverconfig/powerscale/v2.9.1/bad.yaml | 4 +- .../powerscale/v2.9.1/controller.yaml | 22 +- .../powerscale/v2.9.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.1/node.yaml | 10 +- .../driverconfig/powerstore/v2.10.0/bad.yaml | 4 +- .../powerstore/v2.10.0/controller.yaml | 21 +- .../powerstore/v2.10.0/csidriver.yaml | 2 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.0/node.yaml | 6 +- .../driverconfig/powerstore/v2.10.1/bad.yaml | 4 +- .../powerstore/v2.10.1/controller.yaml | 21 +- .../powerstore/v2.10.1/csidriver.yaml | 2 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.1/node.yaml | 6 +- .../driverconfig/powerstore/v2.11.0/bad.yaml | 4 +- .../powerstore/v2.11.0/controller.yaml | 21 +- .../powerstore/v2.11.0/csidriver.yaml | 2 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.11.0/node.yaml | 6 +- .../driverconfig/powerstore/v2.11.1/bad.yaml | 4 +- .../powerstore/v2.11.1/controller.yaml | 21 +- .../powerstore/v2.11.1/csidriver.yaml | 2 +- .../v2.11.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.11.1/node.yaml | 6 +- .../driverconfig/powerstore/v2.9.1/bad.yaml | 4 +- .../powerstore/v2.9.1/controller.yaml | 21 +- .../powerstore/v2.9.1/csidriver.yaml | 2 +- .../v2.9.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.9.1/node.yaml | 6 +- .../driverconfig/unity/v2.10.0/bad.yaml | 4 +- .../unity/v2.10.0/controller.yaml | 26 +- .../driverconfig/unity/v2.10.0/csidriver.yaml | 16 +- .../driverconfig/unity/v2.10.0/node.yaml | 6 +- .../driverconfig/unity/v2.10.1/bad.yaml | 4 +- .../unity/v2.10.1/controller.yaml | 26 +- .../driverconfig/unity/v2.10.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.10.1/node.yaml | 6 +- .../driverconfig/unity/v2.11.0/bad.yaml | 4 +- .../unity/v2.11.0/controller.yaml | 26 +- .../driverconfig/unity/v2.11.0/csidriver.yaml | 16 +- .../driverconfig/unity/v2.11.0/node.yaml | 6 +- .../driverconfig/unity/v2.11.1/bad.yaml | 4 +- .../unity/v2.11.1/controller.yaml | 26 +- .../driverconfig/unity/v2.11.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.11.1/node.yaml | 6 +- .../config/driverconfig/unity/v2.9.1/bad.yaml | 4 +- .../driverconfig/unity/v2.9.1/controller.yaml | 26 +- .../driverconfig/unity/v2.9.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.9.1/node.yaml | 6 +- .../csm_application_mobility_n_minus_1.yaml | 164 +- .../csm_application_mobility_no_velero.yaml | 150 +- .../csm_application_mobility_vanilla.yaml | 149 +- .../csm_application_mobility_with_pflex.yaml | 150 +- ...m_application_mobility_with_pflex_alt.yaml | 150 +- .../powerflex_noAM.yaml | 167 +- .../velero-values.yaml | 20 +- tests/e2e/testfiles/appmob-values.yaml | 1 - .../csm-authorization-template.yaml | 2 - .../csm_authorization_crds.yaml | 738 +- .../csm_authorization_local_storage.yaml | 2 +- tests/e2e/testfiles/cert-manager-crds.yaml | 413 +- tests/e2e/testfiles/connectivity-values.yaml | 38 +- tests/e2e/testfiles/pflex-pscale-values.yaml | 10 +- .../powerflex-secret-template.yaml | 3 +- .../powerflex-storageclass-template.yaml | 10 +- .../powermax-secret-template.yaml | 2 +- .../powermax-storageclass-template.yaml | 1 - .../powermax_reverse_proxy_config.yaml | 2 +- .../testfiles/powerscale-cert-secret-0.yaml | 6 +- .../testfiles/powerscale-cert-secret-1.yaml | 6 +- .../testfiles/powerscale-cert-secret-2.yaml | 6 +- .../e2e/testfiles/powerscale-sc-alt-ifs.yaml | 1 - tests/e2e/testfiles/powerscale-sc.yaml | 1 - .../powerstore-secret-template.yaml | 4 +- .../sample-application/kustomization.yaml | 6 +- .../sample-application/mysql-deployment.yaml | 32 +- .../wordpress-deployment.yaml | 42 +- tests/e2e/testfiles/scenarios.yaml | 11 +- ...observability_upgrade_with_powerscale.yaml | 4 +- ...sm_powerflex_auth_driver_only_upgrade.yaml | 35 +- .../storage_csm_powerflex_auth_n_minus_1.yaml | 35 +- .../storage_csm_powerflex_downgrade.yaml | 125 +- .../storage_csm_powerflex_resiliency.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax.yaml | 46 +- .../storage_csm_powermax_authorization.yaml | 46 +- .../storage_csm_powermax_observability.yaml | 46 +- .../storage_csm_powermax_resiliency.yaml | 44 +- ...m_powermax_reverseproxy_authorization.yaml | 4 +- .../storage_csm_powermax_sidecar.yaml | 44 +- .../storage_csm_powerscale_observability.yaml | 976 +-- ...erscale_observability_top_custom_cert.yaml | 976 +-- ...age_csm_powerscale_observability_val1.yaml | 280 +- ...age_csm_powerscale_observability_val2.yaml | 280 +- .../storage_csm_powerscale_resiliency.yaml | 2 +- .../e2e/testfiles/storage_csm_powerstore.yaml | 2 +- .../storage_csm_powerstore_resiliency.yaml | 2 +- 507 files changed, 46933 insertions(+), 44187 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 202965ba1..62bff70d9 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -115,12 +115,12 @@ jobs: uses: actions/checkout@v4 - name: Build Docker Images run: | - chmod +x ./scripts/build-ubi-micro.sh - make build-base-image - make -o gen-semver - podman build -t docker.io/csm-operator -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/csm-operator-ubimicro" - podman save docker.io/library/csm-operator -o /tmp/csm-operator.tar - docker load -i /tmp/csm-operator.tar + chmod +x ./scripts/build-ubi-micro.sh + make build-base-image + make -o gen-semver + podman build -t docker.io/csm-operator -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/csm-operator-ubimicro" + podman save docker.io/library/csm-operator -o /tmp/csm-operator.tar + docker load -i /tmp/csm-operator.tar - name: Scan controller Image uses: Azure/container-scan@v0 env: diff --git a/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml b/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml index d74ee1d5d..ce8731775 100644 --- a/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml +++ b/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml @@ -7,10 +7,10 @@ metadata: name: dell-csm-operator-controller-manager-metrics-service spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager status: diff --git a/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml b/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml index 6b238f1da..735b5c2b8 100644 --- a/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml +++ b/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml @@ -4,34 +4,34 @@ metadata: creationTimestamp: null name: dell-csm-operator-leader-election-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml b/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml index c9bde6514..41033e2a0 100644 --- a/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml +++ b/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -8,6 +8,6 @@ roleRef: kind: Role name: dell-csm-operator-leader-election-role subjects: -- kind: ServiceAccount - name: default - namespace: default + - kind: ServiceAccount + name: default + namespace: default diff --git a/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml index f9745ba6b..03f1dd647 100644 --- a/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -4,7 +4,7 @@ metadata: creationTimestamp: null name: dell-csm-operator-metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml index 4eaa31e97..6b03235b4 100644 --- a/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -4,15 +4,15 @@ metadata: creationTimestamp: null name: dell-csm-operator-proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml index f0d87323e..14b911166 100644 --- a/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ b/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -8,6 +8,6 @@ roleRef: kind: ClusterRole name: dell-csm-operator-proxy-role subjects: -- kind: ServiceAccount - name: default - namespace: default + - kind: ServiceAccount + name: default + namespace: default diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 1dc250392..0e0cb522a 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -1466,1936 +1466,2108 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - displayName: Apex Connectivity Client - kind: ApexConnectivityClient - name: apexconnectivityclients.storage.dell.com - specDescriptors: - - description: Common is the common specification for both controller and node - plugins - displayName: Common specification - path: client.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.common.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.common.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.common.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.common.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.common.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.common.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.common.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.common.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.common.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.common.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.common.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.common.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.common.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.common.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.common.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.common.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.common.veleroNamespace - - description: ConfigVersion is the configuration version of the client - displayName: Config Version - path: client.configVersion - - description: ConnectionTarget is the target that the client connects to in - the Dell datacenter - displayName: Connection Target - path: client.connectionTarget - - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient - displayName: Client Type - path: client.csmClientType - - description: ForceRemoveClient is the boolean flag used to remove client deployment - when CR is deleted - displayName: Force Remove Client - path: client.forceRemoveClient - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.initContainers[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.initContainers[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.initContainers[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.initContainers[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.initContainers[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.initContainers[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.initContainers[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.initContainers[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.initContainers[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.initContainers[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.initContainers[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.initContainers[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.initContainers[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.initContainers[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.initContainers[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.initContainers[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.initContainers[0].veleroNamespace - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: client.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.sideCars[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.sideCars[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.sideCars[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.sideCars[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.sideCars[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.sideCars[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.sideCars[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.sideCars[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.sideCars[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.sideCars[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.sideCars[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.sideCars[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.sideCars[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.sideCars[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.sideCars[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.sideCars[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.sideCars[0].veleroNamespace - - description: UsePrivateCaCerts is used to specify private CA signed certs - displayName: Use Private CA Certs - path: client.usePrivateCaCerts - statusDescriptors: - - description: State is the state of the client installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - - description: ContainerStorageModule is the Schema for the containerstoragemodules - API - displayName: Container Storage Module - kind: ContainerStorageModule - name: containerstoragemodules.storage.dell.com - specDescriptors: - - description: AuthSecret is the name of the credentials secret for the driver - displayName: Auth Secret - path: driver.authSecret - - description: Common is the common specification for both controller and node - plugins - displayName: Common specification - path: driver.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.common.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.common.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.common.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.common.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.common.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.common.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.common.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.common.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.common.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.common.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.common.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.common.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.common.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.common.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.common.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.common.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.common.veleroNamespace - - description: ConfigVersion is the configuration version of the driver - displayName: Config Version - path: driver.configVersion - - description: Controller is the specification for Controller plugin only - displayName: Controller Specification - path: driver.controller - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.controller.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.controller.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.controller.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.controller.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.controller.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.controller.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.controller.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.controller.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.controller.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.controller.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.controller.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.controller.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.controller.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.controller.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.controller.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.controller.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.controller.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.controller.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.controller.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.controller.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.controller.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.controller.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.controller.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.controller.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.controller.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.controller.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.controller.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.controller.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.controller.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.controller.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.controller.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.controller.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.controller.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.controller.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.controller.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.controller.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.controller.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.controller.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.controller.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.controller.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.controller.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.controller.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.controller.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.controller.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.controller.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.controller.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.controller.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.controller.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.controller.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.controller.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.controller.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.controller.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.controller.veleroNamespace - - description: CSIDriverSpec is the specification for CSIDriver - displayName: CSI Driver Spec - path: driver.csiDriverSpec - - description: CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - displayName: CSI Driver Type - path: driver.csiDriverType - - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin - displayName: DNSPolicy - path: driver.dnsPolicy - - description: ForceRemoveDriver is the boolean flag used to remove driver deployment - when CR is deleted - displayName: Force Remove Driver - path: driver.forceRemoveDriver - - description: ForceUpdate is the boolean flag used to force an update of the - driver instance - displayName: Force update - path: driver.forceUpdate - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.initContainers[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.initContainers[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.initContainers[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.initContainers[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.initContainers[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.initContainers[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.initContainers[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.initContainers[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.initContainers[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.initContainers[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.initContainers[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.initContainers[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.initContainers[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.initContainers[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.initContainers[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.initContainers[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.initContainers[0].veleroNamespace - - description: Node is the specification for Node plugin only - displayName: Node specification - path: driver.node - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.node.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.node.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.node.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.node.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.node.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.node.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.node.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.node.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.node.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.node.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.node.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.node.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.node.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.node.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.node.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.node.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.node.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.node.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.node.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.node.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.node.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.node.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.node.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.node.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.node.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.node.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.node.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.node.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.node.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.node.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.node.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.node.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.node.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.node.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.node.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.node.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.node.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.node.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.node.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.node.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.node.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.node.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.node.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.node.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.node.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.node.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.node.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.node.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.node.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.node.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.node.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.node.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.node.veleroNamespace - - description: Replicas is the count of controllers for Controller plugin - displayName: Controller count - path: driver.replicas - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: driver.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.sideCars[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.sideCars[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.sideCars[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.sideCars[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.sideCars[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.sideCars[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.sideCars[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.sideCars[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.sideCars[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.sideCars[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.sideCars[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.sideCars[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.sideCars[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.sideCars[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.sideCars[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.sideCars[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.sideCars[0].veleroNamespace - - description: SnapshotClass is the specification for Snapshot Classes - displayName: Snapshot Classes - path: driver.snapshotClass - - description: Name is the name of the Snapshot Class - displayName: Snapshot Class Name - path: driver.snapshotClass[0].name - - description: Parameters is a map of driver specific parameters for snapshot - class - displayName: Snapshot Class Parameters - path: driver.snapshotClass[0].parameters - - description: TLSCertSecret is the name of the TLS Cert secret - displayName: TLSCert Secret - path: driver.tlsCertSecret - - description: Components is the specification for CSM components containers - displayName: ContainerStorageModule components specification - path: modules[0].components - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].components[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].components[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].components[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].components[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].components[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].components[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].components[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].components[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].components[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].components[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].components[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].components[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].components[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].components[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].components[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].components[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].components[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].components[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].components[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].components[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].components[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].components[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].components[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].components[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].components[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].components[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].components[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].components[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].components[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].components[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].components[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].components[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].components[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].components[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].components[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].components[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].components[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].components[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].components[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].components[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].components[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].components[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].components[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].components[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].components[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].components[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].components[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].components[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].components[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].components[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].components[0].veleroNamespace - - description: ConfigVersion is the configuration version of the module - displayName: Config Version - path: modules[0].configVersion - - description: Enabled is used to indicate whether or not to deploy a module - displayName: Enabled - path: modules[0].enabled - - description: ForceRemoveModule is the boolean flag used to remove authorization - proxy server deployment when CR is deleted - displayName: Force Remove Module - path: modules[0].forceRemoveModule - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].initContainer[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].initContainer[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].initContainer[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].initContainer[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].initContainer[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].initContainer[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].initContainer[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].initContainer[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].initContainer[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].initContainer[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].initContainer[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].initContainer[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].initContainer[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].initContainer[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].initContainer[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].initContainer[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].initContainer[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].initContainer[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].initContainer[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].initContainer[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].initContainer[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].initContainer[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].initContainer[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].initContainer[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].initContainer[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].initContainer[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].initContainer[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].initContainer[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].initContainer[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].initContainer[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].initContainer[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].initContainer[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].initContainer[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].initContainer[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].initContainer[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].initContainer[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].initContainer[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].initContainer[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].initContainer[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].initContainer[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].initContainer[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].initContainer[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].initContainer[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].initContainer[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].initContainer[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].initContainer[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].initContainer[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].initContainer[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].initContainer[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].initContainer[0].veleroNamespace - - description: Name is name of ContainerStorageModule modules - displayName: Name - path: modules[0].name - statusDescriptors: - - description: Number of Available Controller pods - displayName: Available - path: controllerStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Controller pods - displayName: Desired - path: controllerStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Controller pods - displayName: Failed - path: controllerStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Available Node pods - displayName: Available - path: nodeStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Node pods - displayName: Desired - path: nodeStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Node pods - displayName: Failed - path: nodeStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: State is the state of the driver installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - description: "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator + - description: + ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + displayName: Apex Connectivity Client + kind: ApexConnectivityClient + name: apexconnectivityclients.storage.dell.com + specDescriptors: + - description: + Common is the common specification for both controller and node + plugins + displayName: Common specification + path: client.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.common.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.common.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.common.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.common.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.common.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.common.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.common.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.common.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.common.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.common.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.common.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.common.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.common.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.common.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.common.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.common.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.common.veleroNamespace + - description: ConfigVersion is the configuration version of the client + displayName: Config Version + path: client.configVersion + - description: + ConnectionTarget is the target that the client connects to in + the Dell datacenter + displayName: Connection Target + path: client.connectionTarget + - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient + displayName: Client Type + path: client.csmClientType + - description: + ForceRemoveClient is the boolean flag used to remove client deployment + when CR is deleted + displayName: Force Remove Client + path: client.forceRemoveClient + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.initContainers[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.initContainers[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.initContainers[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.initContainers[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.initContainers[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.initContainers[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.initContainers[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.initContainers[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.initContainers[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.initContainers[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.initContainers[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.initContainers[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.initContainers[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.initContainers[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.initContainers[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.initContainers[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.initContainers[0].veleroNamespace + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: client.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.sideCars[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.sideCars[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.sideCars[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.sideCars[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.sideCars[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.sideCars[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.sideCars[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.sideCars[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.sideCars[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.sideCars[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.sideCars[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.sideCars[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.sideCars[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.sideCars[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.sideCars[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.sideCars[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.sideCars[0].veleroNamespace + - description: UsePrivateCaCerts is used to specify private CA signed certs + displayName: Use Private CA Certs + path: client.usePrivateCaCerts + statusDescriptors: + - description: State is the state of the client installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + - description: + ContainerStorageModule is the Schema for the containerstoragemodules + API + displayName: Container Storage Module + kind: ContainerStorageModule + name: containerstoragemodules.storage.dell.com + specDescriptors: + - description: AuthSecret is the name of the credentials secret for the driver + displayName: Auth Secret + path: driver.authSecret + - description: + Common is the common specification for both controller and node + plugins + displayName: Common specification + path: driver.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.common.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.common.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.common.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.common.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.common.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.common.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.common.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.common.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.common.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.common.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.common.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.common.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.common.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.common.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.common.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.common.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.common.veleroNamespace + - description: ConfigVersion is the configuration version of the driver + displayName: Config Version + path: driver.configVersion + - description: Controller is the specification for Controller plugin only + displayName: Controller Specification + path: driver.controller + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.controller.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.controller.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.controller.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.controller.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.controller.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.controller.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.controller.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.controller.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.controller.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.controller.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.controller.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.controller.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.controller.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.controller.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.controller.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.controller.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.controller.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.controller.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.controller.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.controller.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.controller.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.controller.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.controller.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.controller.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.controller.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.controller.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.controller.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.controller.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.controller.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.controller.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.controller.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.controller.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.controller.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.controller.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.controller.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.controller.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.controller.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.controller.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.controller.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.controller.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.controller.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.controller.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.controller.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.controller.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.controller.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.controller.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.controller.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.controller.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.controller.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.controller.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.controller.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.controller.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.controller.veleroNamespace + - description: CSIDriverSpec is the specification for CSIDriver + displayName: CSI Driver Spec + path: driver.csiDriverSpec + - description: + CSIDriverType is the CSI Driver type for Dell Technologies - + e.g, powermax, powerflex,... + displayName: CSI Driver Type + path: driver.csiDriverType + - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin + displayName: DNSPolicy + path: driver.dnsPolicy + - description: + ForceRemoveDriver is the boolean flag used to remove driver deployment + when CR is deleted + displayName: Force Remove Driver + path: driver.forceRemoveDriver + - description: + ForceUpdate is the boolean flag used to force an update of the + driver instance + displayName: Force update + path: driver.forceUpdate + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.initContainers[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.initContainers[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.initContainers[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.initContainers[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.initContainers[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.initContainers[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.initContainers[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.initContainers[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.initContainers[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.initContainers[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.initContainers[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.initContainers[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.initContainers[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.initContainers[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.initContainers[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.initContainers[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.initContainers[0].veleroNamespace + - description: Node is the specification for Node plugin only + displayName: Node specification + path: driver.node + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.node.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.node.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.node.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.node.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.node.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.node.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.node.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.node.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.node.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.node.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.node.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.node.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.node.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.node.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.node.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.node.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.node.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.node.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.node.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.node.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.node.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.node.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.node.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.node.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.node.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.node.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.node.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.node.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.node.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.node.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.node.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.node.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.node.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.node.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.node.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.node.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.node.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.node.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.node.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.node.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.node.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.node.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.node.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.node.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.node.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.node.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.node.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.node.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.node.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.node.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.node.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.node.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.node.veleroNamespace + - description: Replicas is the count of controllers for Controller plugin + displayName: Controller count + path: driver.replicas + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: driver.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.sideCars[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.sideCars[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.sideCars[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.sideCars[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.sideCars[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.sideCars[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.sideCars[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.sideCars[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.sideCars[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.sideCars[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.sideCars[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.sideCars[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.sideCars[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.sideCars[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.sideCars[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.sideCars[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.sideCars[0].veleroNamespace + - description: SnapshotClass is the specification for Snapshot Classes + displayName: Snapshot Classes + path: driver.snapshotClass + - description: Name is the name of the Snapshot Class + displayName: Snapshot Class Name + path: driver.snapshotClass[0].name + - description: + Parameters is a map of driver specific parameters for snapshot + class + displayName: Snapshot Class Parameters + path: driver.snapshotClass[0].parameters + - description: TLSCertSecret is the name of the TLS Cert secret + displayName: TLSCert Secret + path: driver.tlsCertSecret + - description: Components is the specification for CSM components containers + displayName: ContainerStorageModule components specification + path: modules[0].components + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].components[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].components[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].components[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].components[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].components[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].components[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].components[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].components[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].components[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].components[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].components[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].components[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].components[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].components[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].components[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].components[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].components[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].components[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].components[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].components[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].components[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].components[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].components[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].components[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].components[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].components[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].components[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].components[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].components[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].components[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].components[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].components[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].components[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].components[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].components[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].components[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].components[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].components[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].components[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].components[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].components[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].components[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].components[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].components[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].components[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].components[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].components[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].components[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].components[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].components[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].components[0].veleroNamespace + - description: ConfigVersion is the configuration version of the module + displayName: Config Version + path: modules[0].configVersion + - description: Enabled is used to indicate whether or not to deploy a module + displayName: Enabled + path: modules[0].enabled + - description: + ForceRemoveModule is the boolean flag used to remove authorization + proxy server deployment when CR is deleted + displayName: Force Remove Module + path: modules[0].forceRemoveModule + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].initContainer[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].initContainer[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].initContainer[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].initContainer[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].initContainer[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].initContainer[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].initContainer[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].initContainer[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].initContainer[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].initContainer[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].initContainer[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].initContainer[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].initContainer[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].initContainer[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].initContainer[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].initContainer[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].initContainer[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].initContainer[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].initContainer[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].initContainer[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].initContainer[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].initContainer[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].initContainer[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].initContainer[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].initContainer[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].initContainer[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].initContainer[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].initContainer[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].initContainer[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].initContainer[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].initContainer[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].initContainer[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].initContainer[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].initContainer[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].initContainer[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].initContainer[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].initContainer[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].initContainer[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].initContainer[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].initContainer[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].initContainer[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].initContainer[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].initContainer[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].initContainer[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].initContainer[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].initContainer[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].initContainer[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].initContainer[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].initContainer[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].initContainer[0].veleroNamespace + - description: Name is name of ContainerStorageModule modules + displayName: Name + path: modules[0].name + statusDescriptors: + - description: Number of Available Controller pods + displayName: Available + path: controllerStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Controller pods + displayName: Desired + path: controllerStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Controller pods + displayName: Failed + path: controllerStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Available Node pods + displayName: Available + path: nodeStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Node pods + displayName: Desired + path: nodeStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Node pods + displayName: Failed + path: nodeStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: State is the state of the driver installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + description: + "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator which can be \nused to install and manage Dell’s CSI drivers and CSM modules. \nBy using Dell CSM Operator, enterprises can quickly and easily deploy the \nCSM modules for CSI drivers making it easy for DevOps \nteams to build and optimize @@ -3426,1354 +3598,1354 @@ spec: Solution Brief](https://www.delltechnologies.com/asset/en-us/products/storage/briefs-summaries/h17893-dellemc-storage-for-containers-kubernetes-csi-so.pdf)\n" displayName: Dell Container Storage Modules icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC - mediatype: image/png + - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC + mediatype: image/png install: spec: clusterPermissions: - - rules: - - nonResourceURLs: - - /metrics - verbs: - - get - - apiGroups: - - "" - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - ingresses - - persistentvolumeclaims - - pods - - roles - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - '*' - - apiGroups: - - "" - resourceNames: - - dell-csm-operator-controller-manager - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - update - - watch - - apiGroups: - - '*' - resourceNames: - - application-mobility-velero-server - resources: - - '*' - verbs: - - '*' - - apiGroups: - - acme.cert-manager.io - resources: - - '*/*' - verbs: - - '*' - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update - - apiGroups: - - acme.cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - patch - - update - - apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - patch - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - update - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - update - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - auditregistration.k8s.io - resources: - - auditsinks - verbs: - - get - - list - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - list - - update - - watch - - apiGroups: - - cert-manager.io - resources: - - '*/*' - verbs: - - '*' - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - clusterissuers - - issuers - verbs: - - '*' - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/finalizers - - certificates/finalizers - verbs: - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/status - - certificates/status - verbs: - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - update - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - patch - - update - - apiGroups: - - certificates.k8s.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - sign - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - - csmtenants - - storages - verbs: - - get - - list - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update - - apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - '*' - - apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - replicasets - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - - volumesnapshotcontents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - - dellcsivolumegroupsnapshots/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - serviceAccountName: dell-csm-operator-manager-service-account + - rules: + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - "" + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - ingresses + - persistentvolumeclaims + - pods + - roles + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - "*" + - apiGroups: + - "" + resourceNames: + - dell-csm-operator-controller-manager + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - update + - watch + - apiGroups: + - "*" + resourceNames: + - application-mobility-velero-server + resources: + - "*" + verbs: + - "*" + - apiGroups: + - acme.cert-manager.io + resources: + - "*/*" + verbs: + - "*" + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update + - apiGroups: + - acme.cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - patch + - update + - apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - patch + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - update + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - update + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - auditregistration.k8s.io + resources: + - auditsinks + verbs: + - get + - list + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - list + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - "*/*" + verbs: + - "*" + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - clusterissuers + - issuers + verbs: + - "*" + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/finalizers + - certificates/finalizers + verbs: + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + - certificates/status + verbs: + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - approve + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - update + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - patch + - update + - apiGroups: + - certificates.k8s.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - sign + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-controller + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + - csmtenants + - storages + verbs: + - get + - list + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + - httproutes/finalizers + verbs: + - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - "*" + - apiGroups: + - networking.k8s.io + resources: + - ingresses/finalizers + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - replicasets + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + - volumesnapshotcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + - dellcsivolumegroupsnapshots/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + serviceAccountName: dell-csm-operator-manager-service-account deployments: - - label: - control-plane: controller-manager - name: dell-csm-operator-controller-manager - spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - strategy: {} - template: - metadata: - annotations: - storage.dell.com/CSMVersion: v1.11.0 - labels: + - label: + control-plane: controller-manager + name: dell-csm-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: control-plane: controller-manager - spec: - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: {} - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - command: - - /manager - env: - - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.6.0 - - name: RELATED_IMAGE_csi-isilon - value: docker.io/dellemc/csi-isilon:v2.11.0 - - name: RELATED_IMAGE_csi-powermax - value: docker.io/dellemc/csi-powermax:v2.11.0 - - name: RELATED_IMAGE_csipowermax-reverseproxy - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.11.1 - - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.11.1 - - name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/csi-vxflexos:v2.11.0 - - name: RELATED_IMAGE_sdc - value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_karavi-authorization-proxy - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - - name: RELATED_IMAGE_dell-csi-replicator - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 - - name: RELATED_IMAGE_dell-replication-controller-manager - value: docker.io/dellemc/dell-replication-controller:v1.9.0 - - name: RELATED_IMAGE_topology - value: docker.io/dellemc/csm-topology:v1.9.0 - - name: RELATED_IMAGE_otel-collector - value: docker.io/otel/opentelemetry-collector:0.42.0 - - name: RELATED_IMAGE_metrics-powerscale - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - - name: RELATED_IMAGE_metrics-powermax - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - - name: RELATED_IMAGE_metrics-powerflex - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - - name: RELATED_IMAGE_podmon-node - value: docker.io/dellemc/podmon:v1.10.0 - - name: RELATED_IMAGE_kube-rbac-proxy - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - - name: RELATED_IMAGE_attacher - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - - name: RELATED_IMAGE_provisioner - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - - name: RELATED_IMAGE_snapshotter - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - - name: RELATED_IMAGE_registrar - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - - name: RELATED_IMAGE_resizer - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - - name: RELATED_IMAGE_externalhealthmonitorcontroller - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - - name: RELATED_IMAGE_metadataretriever - value: dellemc/csi-metadata-retriever:v1.8.0 - - name: RELATED_IMAGE_dell-connectivity-client - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - - name: RELATED_IMAGE_cert-persister - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.6.0 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 192Mi + strategy: {} + template: + metadata: + annotations: + storage.dell.com/CSMVersion: v1.11.0 + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: {} + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + env: + - name: RELATED_IMAGE_dell-csm-operator + value: docker.io/dellemc/dell-csm-operator:v1.6.0 + - name: RELATED_IMAGE_csi-isilon + value: docker.io/dellemc/csi-isilon:v2.11.0 + - name: RELATED_IMAGE_csi-powermax + value: docker.io/dellemc/csi-powermax:v2.11.0 + - name: RELATED_IMAGE_csipowermax-reverseproxy + value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + - name: RELATED_IMAGE_csi-powerstore + value: docker.io/dellemc/csi-powerstore:v2.11.1 + - name: RELATED_IMAGE_csi-unity + value: docker.io/dellemc/csi-unity:v2.11.1 + - name: RELATED_IMAGE_csi-vxflexos + value: docker.io/dellemc/csi-vxflexos:v2.11.0 + - name: RELATED_IMAGE_sdc + value: docker.io/dellemc/sdc:4.5.2.1 + - name: RELATED_IMAGE_karavi-authorization-proxy + value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + - name: RELATED_IMAGE_dell-csi-replicator + value: docker.io/dellemc/dell-csi-replicator:v1.9.0 + - name: RELATED_IMAGE_dell-replication-controller-manager + value: docker.io/dellemc/dell-replication-controller:v1.9.0 + - name: RELATED_IMAGE_topology + value: docker.io/dellemc/csm-topology:v1.9.0 + - name: RELATED_IMAGE_otel-collector + value: docker.io/otel/opentelemetry-collector:0.42.0 + - name: RELATED_IMAGE_metrics-powerscale + value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + - name: RELATED_IMAGE_metrics-powermax + value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + - name: RELATED_IMAGE_metrics-powerflex + value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + - name: RELATED_IMAGE_podmon-node + value: docker.io/dellemc/podmon:v1.10.0 + - name: RELATED_IMAGE_kube-rbac-proxy + value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + - name: RELATED_IMAGE_attacher + value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + - name: RELATED_IMAGE_provisioner + value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + - name: RELATED_IMAGE_snapshotter + value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + - name: RELATED_IMAGE_registrar + value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + - name: RELATED_IMAGE_resizer + value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + - name: RELATED_IMAGE_externalhealthmonitorcontroller + value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + - name: RELATED_IMAGE_metadataretriever + value: dellemc/csi-metadata-retriever:v1.8.0 + - name: RELATED_IMAGE_dell-connectivity-client + value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + - name: RELATED_IMAGE_cert-persister + value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + image: docker.io/dellemc/dell-csm-operator:v1.6.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 192Mi + securityContext: + allowPrivilegeEscalation: false securityContext: - allowPrivilegeEscalation: false - securityContext: - runAsNonRoot: true - serviceAccountName: dell-csm-operator-manager-service-account - terminationGracePeriodSeconds: 10 + runAsNonRoot: true + serviceAccountName: dell-csm-operator-manager-service-account + terminationGracePeriodSeconds: 10 strategy: deployment installModes: - - supported: true - type: OwnNamespace - - supported: true - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces keywords: - - Dell Container Storage Modules - - Dell CSI Driver - - Dell CSM Modules - - Powerflex - - Powerscale - - Powerstore - - Unity - - Authorization - - Observability - - Replication + - Dell Container Storage Modules + - Dell CSI Driver + - Dell CSM Modules + - Powerflex + - Powerscale + - Powerstore + - Unity + - Authorization + - Observability + - Replication links: - - name: Documentation - url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ + - name: Documentation + url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ maintainers: - - email: container.storage.modules@dell.com - name: Dell Container Storage Modules + - email: container.storage.modules@dell.com + name: Dell Container Storage Modules maturity: stable minKubeVersion: 1.28.0 provider: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: docker.io/dellemc/dell-csm-operator:v1.6.0 - name: dell-csm-operator - - image: docker.io/dellemc/csi-isilon:v2.11.0 - name: csi-isilon - - image: docker.io/dellemc/csi-powermax:v2.11.0 - name: csi-powermax - - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.11.1 - name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.11.1 - name: csi-unity - - image: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: csi-vxflexos - - image: docker.io/dellemc/sdc:4.5.2.1 - name: sdc - - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - name: karavi-authorization-proxy - - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 - name: dell-csi-replicator - - image: docker.io/dellemc/dell-replication-controller:v1.9.0 - name: dell-replication-controller-manager - - image: docker.io/dellemc/csm-topology:v1.9.0 - name: topology - - image: docker.io/otel/opentelemetry-collector:0.42.0 - name: otel-collector - - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - name: metrics-powerscale - - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - name: metrics-powermax - - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - name: metrics-powerflex - - image: docker.io/dellemc/podmon:v1.10.0 - name: podmon-node - - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - name: attacher - - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - name: provisioner - - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - name: snapshotter - - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - name: registrar - - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - name: resizer - - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - name: externalhealthmonitorcontroller - - image: dellemc/csi-metadata-retriever:v1.8.0 - name: metadataretriever - - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: dell-connectivity-client - - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - name: cert-persister + - image: docker.io/dellemc/dell-csm-operator:v1.6.0 + name: dell-csm-operator + - image: docker.io/dellemc/csi-isilon:v2.11.0 + name: csi-isilon + - image: docker.io/dellemc/csi-powermax:v2.11.0 + name: csi-powermax + - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + name: csipowermax-reverseproxy + - image: docker.io/dellemc/csi-powerstore:v2.11.1 + name: csi-powerstore + - image: docker.io/dellemc/csi-unity:v2.11.1 + name: csi-unity + - image: docker.io/dellemc/csi-vxflexos:v2.11.0 + name: csi-vxflexos + - image: docker.io/dellemc/sdc:4.5.2.1 + name: sdc + - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + name: karavi-authorization-proxy + - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 + name: dell-csi-replicator + - image: docker.io/dellemc/dell-replication-controller:v1.9.0 + name: dell-replication-controller-manager + - image: docker.io/dellemc/csm-topology:v1.9.0 + name: topology + - image: docker.io/otel/opentelemetry-collector:0.42.0 + name: otel-collector + - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + name: metrics-powerscale + - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + name: metrics-powermax + - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + name: metrics-powerflex + - image: docker.io/dellemc/podmon:v1.10.0 + name: podmon-node + - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + name: attacher + - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + name: provisioner + - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + name: snapshotter + - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + name: registrar + - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + name: resizer + - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + name: externalhealthmonitorcontroller + - image: dellemc/csi-metadata-retriever:v1.8.0 + name: metadataretriever + - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + name: dell-connectivity-client + - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + name: cert-persister skips: - - dell-csm-operator.v1.5.1 + - dell-csm-operator.v1.5.1 version: 1.6.0 diff --git a/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml b/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml index 4394b42d3..473a05770 100644 --- a/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml +++ b/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml @@ -12,344 +12,60 @@ spec: listKind: ApexConnectivityClientList plural: apexconnectivityclients shortNames: - - acc + - acc singular: apexconnectivityclient scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of Client - jsonPath: .spec.client.csmClientType - name: CSMClientType - type: string - - description: Version of Apex client - jsonPath: .spec.client.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient - properties: - client: - description: Client is a Apex Connectivity Client for Dell Technologies - properties: - common: - description: Common is the common specification for both controller - and node plugins - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - commander: - description: Commander is the image tag for the Container - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyService: - description: ProxyService is the image tag for the Container - type: string - redis: - description: Redis is the image tag for the Container - type: string - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - storageService: - description: StorageService is the image tag for the Container - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - configVersion: - description: ConfigVersion is the configuration version of the - client - type: string - connectionTarget: - description: ConnectionTarget is the target that the client connects - to in the Dell datacenter - type: string - csmClientType: - description: ClientType is the Client type for Dell Technologies - - e.g, ApexConnectivityClient - type: string - forceRemoveClient: - description: ForceRemoveClient is the boolean flag used to remove - client deployment when CR is deleted - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of Client + jsonPath: .spec.client.csmClientType + name: CSMClientType + type: string + - description: Version of Apex client + jsonPath: .spec.client.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: + ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient + properties: + client: + description: Client is a Apex Connectivity Client for Dell Technologies + properties: + common: + description: + Common is the common specification for both controller + and node plugins properties: args: description: Args is the set of arguments for the container @@ -357,58 +73,70 @@ spec: type: string type: array certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string commander: description: Commander is the image tag for the Container type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials to + description: + SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID to + description: + AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not to + description: + Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: Envs is the set of environment variables for + description: + Envs is the set of environment variables for the container items: - description: EnvVar represents an environment variable - present in a Container. + description: + EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -424,8 +152,9 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + description: + Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -440,11 +169,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: + Specify whether the ConfigMap or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -453,15 +183,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in + description: + Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -470,30 +202,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for volumes, + optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format of + - type: integer + - type: string + description: + Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace + description: + Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -503,28 +239,29 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or - its key must be defined + description: + Specify whether the Secret or its + key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy for + description: + ImagePullPolicy is the image pull policy for the image type: string licenseName: - description: LicenseName is the name of the license for - app-mobility + description: LicenseName is the name of the license for app-mobility type: string name: description: Name is the name of Container @@ -537,7 +274,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret + description: + ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -547,7 +285,8 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyService: @@ -569,8 +308,9 @@ spec: description: TenantService is the image tag for the Container type: string tolerations: - description: Tolerations is the list of tolerations for - the driver pods + description: + Tolerations is the list of tolerations for the + driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -609,316 +349,667 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: + configVersion: + description: + ConfigVersion is the configuration version of the + client + type: string + connectionTarget: + description: + ConnectionTarget is the target that the client connects + to in the Dell datacenter + type: string + csmClientType: + description: + ClientType is the Client type for Dell Technologies + - e.g, ApexConnectivityClient + type: string + forceRemoveClient: + description: + ForceRemoveClient is the boolean flag used to remove + client deployment when CR is deleted + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair type: string - type: array - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - commander: - description: Commander is the image tag for the Container - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name + commander: + description: Commander is the image tag for the Container + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy for + the image + type: string + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. type: object - type: array - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - licenseName: - description: LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyService: - description: ProxyService is the image tag for the Container - type: string - redis: - description: Redis is the image tag for the Container - type: string - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - storageService: - description: StorageService is the image tag for the Container - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tolerations: - description: Tolerations is the list of tolerations for - the driver pods - items: + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyService: + description: ProxyService is the image tag for the Container + type: string + redis: + description: Redis is the image tag for the Container + type: string + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + storageService: + description: StorageService is the image tag for the Container + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + commander: + description: Commander is the image tag for the Container + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy for + the image + type: string + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - usePrivateCaCerts: - description: UsePrivateCaCerts is used to specify private CA signed - certs - type: boolean - type: object - type: object - status: - description: ApexConnectivityClientStatus defines the observed state of - ApexConnectivityClient - properties: - clientStatus: - description: ClientStatus is the status of Client pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the client installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyService: + description: ProxyService is the image tag for the Container + type: string + redis: + description: Redis is the image tag for the Container + type: string + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + storageService: + description: StorageService is the image tag for the Container + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + usePrivateCaCerts: + description: + UsePrivateCaCerts is used to specify private CA signed + certs + type: boolean + type: object + type: object + status: + description: + ApexConnectivityClientStatus defines the observed state of + ApexConnectivityClient + properties: + clientStatus: + description: ClientStatus is the status of Client pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the client installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/bundle/manifests/storage.dell.com_containerstoragemodules.yaml b/bundle/manifests/storage.dell.com_containerstoragemodules.yaml index b3bb2c4ab..ce75d071e 100644 --- a/bundle/manifests/storage.dell.com_containerstoragemodules.yaml +++ b/bundle/manifests/storage.dell.com_containerstoragemodules.yaml @@ -12,815 +12,65 @@ spec: listKind: ContainerStorageModuleList plural: containerstoragemodules shortNames: - - csm + - csm singular: containerstoragemodule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of CSIDriver - jsonPath: .spec.driver.csiDriverType - name: CSIDriverType - type: string - - description: Version of CSIDriver - jsonPath: .spec.driver.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ContainerStorageModule is the Schema for the containerstoragemodules - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule - properties: - driver: - description: Driver is a CSI Drivers for Dell Technologies - properties: - authSecret: - description: AuthSecret is the name of the credentials secret - for the driver - type: string - common: - description: Common is the common specification for both controller - and node plugins - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - configVersion: - description: ConfigVersion is the configuration version of the - driver - type: string - controller: - description: Controller is the specification for Controller plugin - only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - csiDriverSpec: - description: CSIDriverSpec is the specification for CSIDriver - properties: - fSGroupPolicy: - type: string - storageCapacity: - type: boolean - type: object - csiDriverType: - description: CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - type: string - dnsPolicy: - description: DNSPolicy is the dnsPolicy of the daemonset for Node - plugin - type: string - forceRemoveDriver: - description: ForceRemoveDriver is the boolean flag used to remove - driver deployment when CR is deleted - type: boolean - forceUpdate: - description: ForceUpdate is the boolean flag used to force an - update of the driver instance - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of CSIDriver + jsonPath: .spec.driver.csiDriverType + name: CSIDriverType + type: string + - description: Version of CSIDriver + jsonPath: .spec.driver.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: + ContainerStorageModule is the Schema for the containerstoragemodules + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule + properties: + driver: + description: Driver is a CSI Drivers for Dell Technologies + properties: + authSecret: + description: + AuthSecret is the name of the credentials secret + for the driver + type: string + common: + description: + Common is the common specification for both controller + and node plugins properties: args: description: Args is the set of arguments for the container @@ -828,74 +78,90 @@ spec: type: string type: array authorizationController: - description: AuthorizationController is the image tag for + description: + AuthorizationController is the image tag for the container type: string authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number + description: + AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: CertificateAuthority is a certificate authority + description: + CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: The interval which the reconcile of each controller + description: + The interval which the reconcile of each controller is run type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials to + description: + SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID to + description: + AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not to + description: + Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: Envs is the set of environment variables for + description: + Envs is the set of environment variables for the container items: - description: EnvVar represents an environment variable - present in a Container. + description: + EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -911,8 +177,9 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + description: + Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -927,11 +194,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: + Specify whether the ConfigMap or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -940,15 +208,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in + description: + Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -957,30 +227,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for volumes, + optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format of + - type: integer + - type: string + description: + Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace + description: + Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -990,40 +264,42 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or - its key must be defined + description: + Specify whether the Secret or its + key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server - hostname + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy for + description: + ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable leader + description: + LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for - app-mobility + description: LicenseName is the name of the license for app-mobility type: string name: description: Name is the name of Container @@ -1036,7 +312,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret + description: + ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -1046,20 +323,24 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization ingress + description: + ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key value + description: + Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -1076,7 +357,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -1089,8 +371,9 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for - the redis deployment + description: + RedisReplicas is the number of replicas for the + redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -1099,37 +382,43 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to skip + description: + skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for - the driver pods + description: + Tolerations is the list of tolerations for the + driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -1168,7 +457,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -1178,456 +468,111 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - node: - description: Node is the specification for Node plugin only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - replicas: - description: Replicas is the count of controllers for Controller - plugin - format: int32 - type: integer - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container + configVersion: + description: + ConfigVersion is the configuration version of the + driver + type: string + controller: + description: + Controller is the specification for Controller plugin + only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container type: string authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number + description: + AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: CertificateAuthority is a certificate authority + description: + CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: The interval which the reconcile of each controller + description: + The interval which the reconcile of each controller is run type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials to + description: + SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID to + description: + AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not to + description: + Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: Envs is the set of environment variables for + description: + Envs is the set of environment variables for the container items: - description: EnvVar represents an environment variable - present in a Container. + description: + EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -1643,8 +588,9 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + description: + Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1659,11 +605,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: + Specify whether the ConfigMap or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1672,15 +619,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in + description: + Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1689,30 +638,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for volumes, + optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format of + - type: integer + - type: string + description: + Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace + description: + Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -1722,40 +675,42 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or - its key must be defined + description: + Specify whether the Secret or its + key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server - hostname + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy for + description: + ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable leader + description: + LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for - app-mobility + description: LicenseName is the name of the license for app-mobility type: string name: description: Name is the name of Container @@ -1768,7 +723,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret + description: + ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -1778,20 +734,24 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization ingress + description: + ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key value + description: + Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -1808,7 +768,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -1821,8 +782,9 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for - the redis deployment + description: + RedisReplicas is the number of replicas for the + redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -1831,37 +793,43 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to skip + description: + skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for - the driver pods + description: + Tolerations is the list of tolerations for the + driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -1900,7 +868,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -1910,40 +879,41 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - snapshotClass: - description: SnapshotClass is the specification for Snapshot Classes - items: - description: SnapshotClass struct + csiDriverSpec: + description: CSIDriverSpec is the specification for CSIDriver properties: - name: - description: Name is the name of the Snapshot Class + fSGroupPolicy: type: string - parameters: - additionalProperties: - type: string - description: Parameters is a map of driver specific parameters - for snapshot class - type: object + storageCapacity: + type: boolean type: object - type: array - tlsCertSecret: - description: TLSCertSecret is the name of the TLS Cert secret - type: string - type: object - modules: - description: Modules is list of Container Storage Module modules you - want to deploy - items: - description: Module defines the desired state of a ContainerStorageModule - properties: - components: - description: Components is the specification for CSM components - containers + csiDriverType: + description: + CSIDriverType is the CSI Driver type for Dell Technologies + - e.g, powermax, powerflex,... + type: string + dnsPolicy: + description: + DNSPolicy is the dnsPolicy of the daemonset for Node + plugin + type: string + forceRemoveDriver: + description: + ForceRemoveDriver is the boolean flag used to remove + driver deployment when CR is deleted + type: boolean + forceUpdate: + description: + ForceUpdate is the boolean flag used to force an + update of the driver instance + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers items: description: ContainerTemplate template properties: @@ -1953,74 +923,90 @@ spec: type: string type: array authorizationController: - description: AuthorizationController is the image tag - for the container + description: + AuthorizationController is the image tag for + the container type: string authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number + description: + AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: CertificateAuthority is a certificate authority + description: + CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: The interval which the reconcile of each - controller is run + description: + The interval which the reconcile of each controller + is run type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate + description: + CreateWithInstall is used to indicate wether or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials - to access objectstore + description: + SecretContents contains credentials to + access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID - to access objectstore + description: + AccessKeyID is a name of key ID to + access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not - to deploy a module + description: + Enabled is used to indicate wether or not to + deploy a module type: boolean envs: - description: Envs is the set of environment variables - for the container + description: + Envs is the set of environment variables for + the container items: - description: EnvVar represents an environment variable + description: + EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -2036,7 +1022,8 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's + description: + Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: @@ -2052,11 +1039,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap + description: + Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -2065,15 +1053,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. + description: + Path of the field to select in + the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -2082,31 +1072,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for + volumes, optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the + description: + Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -2116,39 +1109,45 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret - or its key must be defined + description: + Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server + description: + Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy - for the image + description: + ImagePullPolicy is the image pull policy for + the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable - leader election + description: + LeaderElection is boolean flag to enable leader + election type: boolean licenseName: - description: LicenseName is the name of the license for + description: + LicenseName is the name of the license for app-mobility type: string name: @@ -2162,8 +1161,9 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the - secret for the object store for app-mobility + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -2172,22 +1172,25 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization - ingress configuration struct + description: + ProxyServerIngress is the authorization ingress + configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key - value map that stores additional annotations for - the ingress + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -2203,7 +1206,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -2216,47 +1220,53 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for + description: + RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app - mobility + description: ReplicaCount is the replica count for app mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to - skip certificate validation + description: + skipCertificateValidation is the flag to skip + certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for + description: + Tolerations is the list of tolerations for the driver pods items: description: |- @@ -2296,7 +1306,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -2306,188 +1317,610 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - configVersion: - description: ConfigVersion is the configuration version of the - module - type: string - enabled: - description: Enabled is used to indicate whether or not to deploy - a module - type: boolean - forceRemoveModule: - description: ForceRemoveModule is the boolean flag used to remove - authorization proxy server deployment when CR is deleted - type: boolean - initContainer: - description: InitContainer is the specification for Module InitContainer - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag - for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each - controller is run + node: + description: Node is the specification for Node plugin only + properties: + args: + description: Args is the set of arguments for the container + items: type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials - to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID - to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not - to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables - for the container - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each controller + is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable present + in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for volumes, + optional for env vars" + type: string + divisor: + anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" + description: + Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the pod's + namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + replicas: + description: + Replicas is the count of controllers for Controller + plugin + format: int32 + type: integer + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each controller + is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the + description: + Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -2497,39 +1930,45 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret - or its key must be defined + description: + Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server + description: + Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy - for the image + description: + ImagePullPolicy is the image pull policy for + the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable - leader election + description: + LeaderElection is boolean flag to enable leader + election type: boolean licenseName: - description: LicenseName is the name of the license for + description: + LicenseName is the name of the license for app-mobility type: string name: @@ -2543,8 +1982,9 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the - secret for the object store for app-mobility + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -2553,22 +1993,25 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization - ingress configuration struct + description: + ProxyServerIngress is the authorization ingress + configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key - value map that stores additional annotations for - the ingress + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -2584,7 +2027,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -2597,47 +2041,53 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for + description: + RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app - mobility + description: ReplicaCount is the replica count for app mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to - skip certificate validation + description: + skipCertificateValidation is the flag to skip + certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for + description: + Tolerations is the list of tolerations for the driver pods items: description: |- @@ -2677,7 +2127,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -2687,50 +2138,927 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - name: - description: Name is name of ContainerStorageModule modules + snapshotClass: + description: SnapshotClass is the specification for Snapshot Classes + items: + description: SnapshotClass struct + properties: + name: + description: Name is the name of the Snapshot Class + type: string + parameters: + additionalProperties: + type: string + description: + Parameters is a map of driver specific parameters + for snapshot class + type: object + type: object + type: array + tlsCertSecret: + description: TLSCertSecret is the name of the TLS Cert secret + type: string + type: object + modules: + description: + Modules is list of Container Storage Module modules you + want to deploy + items: + description: Module defines the desired state of a ContainerStorageModule + properties: + components: + description: + Components is the specification for CSM components + containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag + for the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each + controller is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials + to access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID + to access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not + to deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables + for the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: + Hostname is the authorization proxy server + hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy + for the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable + leader election + type: boolean + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the + secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization + ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: + Annotations is an unstructured key + value map that stores additional annotations for + the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for + the redis deployment + type: integer + replicaCount: + description: + ReplicaCount is the replica count for app + mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to + skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + configVersion: + description: + ConfigVersion is the configuration version of the + module + type: string + enabled: + description: + Enabled is used to indicate whether or not to deploy + a module + type: boolean + forceRemoveModule: + description: + ForceRemoveModule is the boolean flag used to remove + authorization proxy server deployment when CR is deleted + type: boolean + initContainer: + description: InitContainer is the specification for Module InitContainer + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag + for the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each + controller is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials + to access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID + to access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not + to deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables + for the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: + Hostname is the authorization proxy server + hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy + for the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable + leader election + type: boolean + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the + secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization + ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: + Annotations is an unstructured key + value map that stores additional annotations for + the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for + the redis deployment + type: integer + replicaCount: + description: + ReplicaCount is the replica count for app + mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to + skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + name: + description: Name is name of ContainerStorageModule modules + type: string + type: object + type: array + type: object + status: + description: + ContainerStorageModuleStatus defines the observed state of + ContainerStorageModule + properties: + controllerStatus: + description: ControllerStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + nodeStatus: + description: NodeStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: type: string type: object - type: array - type: object - status: - description: ContainerStorageModuleStatus defines the observed state of - ContainerStorageModule - properties: - controllerStatus: - description: ControllerStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - nodeStatus: - description: NodeStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the driver installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + state: + description: State is the state of the driver installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/bundle/tests/scorecard/config.yaml b/bundle/tests/scorecard/config.yaml index 2cbf8825d..e6aa868bd 100644 --- a/bundle/tests/scorecard/config.yaml +++ b/bundle/tests/scorecard/config.yaml @@ -3,68 +3,68 @@ kind: Configuration metadata: name: config stages: -- parallel: true - tests: - - entrypoint: - - scorecard-test - - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: basic - test: basic-check-spec-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-bundle-validation-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-crds-have-validation-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-crds-have-resources-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-spec-descriptors-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-status-descriptors-test - storage: - spec: - mountPath: {} + - parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} storage: spec: mountPath: {} diff --git a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml index 805baca01..052a9a741 100644 --- a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml +++ b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml @@ -12,437 +12,60 @@ spec: listKind: ApexConnectivityClientList plural: apexconnectivityclients shortNames: - - acc + - acc singular: apexconnectivityclient scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of Client - jsonPath: .spec.client.csmClientType - name: CSMClientType - type: string - - description: Version of Apex client - jsonPath: .spec.client.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient - properties: - client: - description: Client is a Apex Connectivity Client for Dell Technologies - properties: - common: - description: Common is the common specification for both controller - and node plugins - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - configVersion: - description: ConfigVersion is the configuration version of the - client - type: string - connectionTarget: - description: ConnectionTarget is the target that the client connects - to in the Dell datacenter - type: string - csmClientType: - description: ClientType is the Client type for Dell Technologies - - e.g, ApexConnectivityClient - type: string - forceRemoveClient: - description: ForceRemoveClient is the boolean flag used to remove - client deployment when CR is deleted - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of Client + jsonPath: .spec.client.csmClientType + name: CSMClientType + type: string + - description: Version of Apex client + jsonPath: .spec.client.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: + ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient + properties: + client: + description: Client is a Apex Connectivity Client for Dell Technologies + properties: + common: + description: + Common is the common specification for both controller + and node plugins properties: args: description: Args is the set of arguments for the container @@ -450,74 +73,90 @@ spec: type: string type: array authorizationController: - description: AuthorizationController is the image tag for + description: + AuthorizationController is the image tag for the container type: string authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number + description: + AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: CertificateAuthority is a certificate authority + description: + CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: The interval which the reconcile of each controller + description: + The interval which the reconcile of each controller is run type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials to + description: + SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID to + description: + AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not to + description: + Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: Envs is the set of environment variables for + description: + Envs is the set of environment variables for the container items: - description: EnvVar represents an environment variable - present in a Container. + description: + EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -533,8 +172,9 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + description: + Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -549,11 +189,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: + Specify whether the ConfigMap or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -562,15 +203,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in + description: + Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -579,30 +222,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for volumes, + optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format of + - type: integer + - type: string + description: + Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace + description: + Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -612,40 +259,42 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or - its key must be defined + description: + Specify whether the Secret or its + key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server - hostname + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy for + description: + ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable leader + description: + LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for - app-mobility + description: LicenseName is the name of the license for app-mobility type: string name: description: Name is the name of Container @@ -658,7 +307,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret + description: + ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -668,20 +318,24 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization ingress + description: + ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key value + description: + Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -698,7 +352,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -711,8 +366,9 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for - the redis deployment + description: + RedisReplicas is the number of replicas for the + redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -721,37 +377,43 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to skip + description: + skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for - the driver pods + description: + Tolerations is the list of tolerations for the + driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -790,7 +452,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -800,403 +463,881 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: + configVersion: + description: + ConfigVersion is the configuration version of the + client + type: string + connectionTarget: + description: + ConnectionTarget is the target that the client connects + to in the Dell datacenter + type: string + csmClientType: + description: + ClientType is the Client type for Dell Technologies + - e.g, ApexConnectivityClient + type: string + forceRemoveClient: + description: + ForceRemoveClient is the boolean flag used to remove + client deployment when CR is deleted + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each controller + is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: + Hostname is the authorization proxy server + hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server - hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for + the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for - the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for - the driver pods - items: + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each controller + is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: + Hostname is the authorization proxy server + hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - usePrivateCaCerts: - description: UsePrivateCaCerts is used to specify private CA signed - certs - type: boolean - type: object - type: object - status: - description: ApexConnectivityClientStatus defines the observed state of - ApexConnectivityClient - properties: - clientStatus: - description: ClientStatus is the status of Client pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the client installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for + the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + usePrivateCaCerts: + description: + UsePrivateCaCerts is used to specify private CA signed + certs + type: boolean + type: object + type: object + status: + description: + ApexConnectivityClientStatus defines the observed state of + ApexConnectivityClient + properties: + clientStatus: + description: ClientStatus is the status of Client pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the client installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml index a6fe0d00f..2a3d0f88f 100644 --- a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml +++ b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml @@ -12,815 +12,65 @@ spec: listKind: ContainerStorageModuleList plural: containerstoragemodules shortNames: - - csm + - csm singular: containerstoragemodule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of CSIDriver - jsonPath: .spec.driver.csiDriverType - name: CSIDriverType - type: string - - description: Version of CSIDriver - jsonPath: .spec.driver.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ContainerStorageModule is the Schema for the containerstoragemodules - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule - properties: - driver: - description: Driver is a CSI Drivers for Dell Technologies - properties: - authSecret: - description: AuthSecret is the name of the credentials secret - for the driver - type: string - common: - description: Common is the common specification for both controller - and node plugins - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - configVersion: - description: ConfigVersion is the configuration version of the - driver - type: string - controller: - description: Controller is the specification for Controller plugin - only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - csiDriverSpec: - description: CSIDriverSpec is the specification for CSIDriver - properties: - fSGroupPolicy: - type: string - storageCapacity: - type: boolean - type: object - csiDriverType: - description: CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - type: string - dnsPolicy: - description: DNSPolicy is the dnsPolicy of the daemonset for Node - plugin - type: string - forceRemoveDriver: - description: ForceRemoveDriver is the boolean flag used to remove - driver deployment when CR is deleted - type: boolean - forceUpdate: - description: ForceUpdate is the boolean flag used to force an - update of the driver instance - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of CSIDriver + jsonPath: .spec.driver.csiDriverType + name: CSIDriverType + type: string + - description: Version of CSIDriver + jsonPath: .spec.driver.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: + ContainerStorageModule is the Schema for the containerstoragemodules + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule + properties: + driver: + description: Driver is a CSI Drivers for Dell Technologies + properties: + authSecret: + description: + AuthSecret is the name of the credentials secret + for the driver + type: string + common: + description: + Common is the common specification for both controller + and node plugins properties: args: description: Args is the set of arguments for the container @@ -828,74 +78,90 @@ spec: type: string type: array authorizationController: - description: AuthorizationController is the image tag for + description: + AuthorizationController is the image tag for the container type: string authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number + description: + AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: CertificateAuthority is a certificate authority + description: + CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: The interval which the reconcile of each controller + description: + The interval which the reconcile of each controller is run type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials to + description: + SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID to + description: + AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not to + description: + Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: Envs is the set of environment variables for + description: + Envs is the set of environment variables for the container items: - description: EnvVar represents an environment variable - present in a Container. + description: + EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -911,8 +177,9 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + description: + Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -927,11 +194,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: + Specify whether the ConfigMap or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -940,15 +208,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in + description: + Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -957,30 +227,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for volumes, + optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format of + - type: integer + - type: string + description: + Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace + description: + Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -990,40 +264,42 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or - its key must be defined + description: + Specify whether the Secret or its + key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server - hostname + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy for + description: + ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable leader + description: + LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for - app-mobility + description: LicenseName is the name of the license for app-mobility type: string name: description: Name is the name of Container @@ -1036,7 +312,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret + description: + ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -1046,20 +323,24 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization ingress + description: + ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key value + description: + Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -1076,7 +357,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -1089,8 +371,9 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for - the redis deployment + description: + RedisReplicas is the number of replicas for the + redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -1099,37 +382,43 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to skip + description: + skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for - the driver pods + description: + Tolerations is the list of tolerations for the + driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -1168,7 +457,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -1178,456 +468,111 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - node: - description: Node is the specification for Node plugin only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller - is run - type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for - the container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - replicas: - description: Replicas is the count of controllers for Controller - plugin - format: int32 - type: integer - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for - the container + configVersion: + description: + ConfigVersion is the configuration version of the + driver + type: string + controller: + description: + Controller is the specification for Controller plugin + only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container type: string authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number + description: + AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: CertificateAuthority is a certificate authority + description: + CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: The interval which the reconcile of each controller + description: + The interval which the reconcile of each controller is run type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials to + description: + SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID to + description: + AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not to + description: + Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: Envs is the set of environment variables for + description: + Envs is the set of environment variables for the container items: - description: EnvVar represents an environment variable - present in a Container. + description: + EnvVar represents an environment variable present + in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -1643,8 +588,9 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. + description: + Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -1659,11 +605,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap - or its key must be defined + description: + Specify whether the ConfigMap or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1672,15 +619,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in + description: + Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1689,30 +638,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for volumes, + optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format of + - type: integer + - type: string + description: + Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the - pod's namespace + description: + Selects a key of a secret in the pod's + namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -1722,40 +675,42 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret or - its key must be defined + description: + Specify whether the Secret or its + key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server - hostname + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy for + description: + ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable leader + description: + LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for - app-mobility + description: LicenseName is the name of the license for app-mobility type: string name: description: Name is the name of Container @@ -1768,7 +723,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret + description: + ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -1778,20 +734,24 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization ingress + description: + ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key value + description: + Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -1808,7 +768,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -1821,8 +782,9 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for - the redis deployment + description: + RedisReplicas is the number of replicas for the + redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -1831,37 +793,43 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to skip + description: + skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for - the driver pods + description: + Tolerations is the list of tolerations for the + driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -1900,7 +868,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -1910,40 +879,41 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - snapshotClass: - description: SnapshotClass is the specification for Snapshot Classes - items: - description: SnapshotClass struct + csiDriverSpec: + description: CSIDriverSpec is the specification for CSIDriver properties: - name: - description: Name is the name of the Snapshot Class + fSGroupPolicy: type: string - parameters: - additionalProperties: - type: string - description: Parameters is a map of driver specific parameters - for snapshot class - type: object + storageCapacity: + type: boolean type: object - type: array - tlsCertSecret: - description: TLSCertSecret is the name of the TLS Cert secret - type: string - type: object - modules: - description: Modules is list of Container Storage Module modules you - want to deploy - items: - description: Module defines the desired state of a ContainerStorageModule - properties: - components: - description: Components is the specification for CSM components - containers + csiDriverType: + description: + CSIDriverType is the CSI Driver type for Dell Technologies + - e.g, powermax, powerflex,... + type: string + dnsPolicy: + description: + DNSPolicy is the dnsPolicy of the daemonset for Node + plugin + type: string + forceRemoveDriver: + description: + ForceRemoveDriver is the boolean flag used to remove + driver deployment when CR is deleted + type: boolean + forceUpdate: + description: + ForceUpdate is the boolean flag used to force an + update of the driver instance + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers items: description: ContainerTemplate template properties: @@ -1953,74 +923,90 @@ spec: type: string type: array authorizationController: - description: AuthorizationController is the image tag - for the container + description: + AuthorizationController is the image tag for + the container type: string authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number + description: + AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: Certificate is a certificate used for a certificate/private-key + description: + Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: CertificateAuthority is a certificate authority + description: + CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: The interval which the reconcile of each - controller is run + description: + The interval which the reconcile of each controller + is run type: string credentials: - description: ComponentCred is to store the velero credential + description: + ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: CreateWithInstall is used to indicate + description: + CreateWithInstall is used to indicate wether or not to create a secret for objectstore type: boolean name: - description: Name is the name of secret which contains + description: + Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: SecretContents contains credentials - to access objectstore + description: + SecretContents contains credentials to + access objectstore properties: aws_access_key_id: - description: AccessKeyID is a name of key ID - to access objectstore + description: + AccessKeyID is a name of key ID to + access objectstore type: string aws_secret_access_key: - description: AccessKey contains the key to access + description: + AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent + description: + DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: Enabled is used to indicate wether or not - to deploy a module + description: + Enabled is used to indicate wether or not to + deploy a module type: boolean envs: - description: Envs is the set of environment variables - for the container + description: + Envs is the set of environment variables for + the container items: - description: EnvVar represents an environment variable + description: + EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must + description: + Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -2036,7 +1022,8 @@ spec: Defaults to "". type: string valueFrom: - description: Source for the environment variable's + description: + Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: @@ -2052,11 +1039,12 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the ConfigMap + description: + Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -2065,15 +1053,17 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: Version of the schema the FieldPath + description: + Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. + description: + Path of the field to select in + the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -2082,31 +1072,34 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for - volumes, optional for env vars' + description: + "Container name: required for + volumes, optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the + description: + Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -2116,39 +1109,45 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret - or its key must be defined + description: + Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server + description: + Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy - for the image + description: + ImagePullPolicy is the image pull policy for + the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable - leader election + description: + LeaderElection is boolean flag to enable leader + election type: boolean licenseName: - description: LicenseName is the name of the license for + description: + LicenseName is the name of the license for app-mobility type: string name: @@ -2162,8 +1161,9 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the - secret for the object store for app-mobility + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -2172,22 +1172,25 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization - ingress configuration struct + description: + ProxyServerIngress is the authorization ingress + configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key - value map that stores additional annotations for - the ingress + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -2203,7 +1206,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -2216,47 +1220,53 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for + description: + RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app - mobility + description: ReplicaCount is the replica count for app mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to - skip certificate validation + description: + skipCertificateValidation is the flag to skip + certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for + description: + Tolerations is the list of tolerations for the driver pods items: description: |- @@ -2296,7 +1306,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -2306,188 +1317,610 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - configVersion: - description: ConfigVersion is the configuration version of the - module - type: string - enabled: - description: Enabled is used to indicate whether or not to deploy - a module - type: boolean - forceRemoveModule: - description: ForceRemoveModule is the boolean flag used to remove - authorization proxy server deployment when CR is deleted - type: boolean - initContainer: - description: InitContainer is the specification for Module InitContainer - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag - for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each - controller is run + node: + description: Node is the specification for Node plugin only + properties: + args: + description: Args is the set of arguments for the container + items: type: string - credentials: - description: ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials - to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID - to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: Enabled is used to indicate wether or not - to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables - for the container - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each controller + is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable present + in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for volumes, + optional for env vars" + type: string + divisor: + anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" + description: + Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the pod's + namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + replicas: + description: + Replicas is the count of controllers for Controller + plugin + format: int32 + type: integer + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each controller + is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables for + the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the + description: + Selects a key of a secret in the pod's namespace properties: key: - description: The key of the secret to select + description: + The key of the secret to select from. Must be a valid secret key. type: string name: @@ -2497,39 +1930,45 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: Specify whether the Secret - or its key must be defined + description: + Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server + description: + Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: ImagePullPolicy is the image pull policy - for the image + description: + ImagePullPolicy is the image pull policy for + the image type: string kvEnginePath: - description: kvEnginePath is the Authorization vault secret + description: + kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: LeaderElection is boolean flag to enable - leader election + description: + LeaderElection is boolean flag to enable leader + election type: boolean licenseName: - description: LicenseName is the name of the license for + description: + LicenseName is the name of the license for app-mobility type: string name: @@ -2543,8 +1982,9 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: ObjectStoreSecretName is the name of the - secret for the object store for app-mobility + description: + ObjectStoreSecretName is the name of the secret + for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -2553,22 +1993,25 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: PrivateKey is a private key used for a certificate/private-key + description: + PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: ProxyServerIngress is the authorization proxy + description: + ProxyServerIngress is the authorization proxy server ingress configuration items: - description: ProxyServerIngress is the authorization - ingress configuration struct + description: + ProxyServerIngress is the authorization ingress + configuration struct properties: annotations: additionalProperties: type: string - description: Annotations is an unstructured key - value map that stores additional annotations for - the ingress + description: + Annotations is an unstructured key value + map that stores additional annotations for the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -2584,7 +2027,8 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas + description: + ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -2597,47 +2041,53 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: RedisReplicas is the number of replicas for + description: + RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app - mobility + description: ReplicaCount is the replica count for app mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas + description: + RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: skipCertificateValidation is the flag to - skip certificate validation + description: + skipCertificateValidation is the flag to skip + certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas + description: + StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: RedisStorageClass is the authorization proxy + description: + RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas + description: + TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: Tolerations is the list of tolerations for + description: + Tolerations is the list of tolerations for the driver pods items: description: |- @@ -2677,7 +2127,8 @@ spec: type: object type: array useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot + description: + UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -2687,47 +2138,924 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: VeleroNamespace is the namespace that Velero + description: + VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - name: - description: Name is name of ContainerStorageModule modules + snapshotClass: + description: SnapshotClass is the specification for Snapshot Classes + items: + description: SnapshotClass struct + properties: + name: + description: Name is the name of the Snapshot Class + type: string + parameters: + additionalProperties: + type: string + description: + Parameters is a map of driver specific parameters + for snapshot class + type: object + type: object + type: array + tlsCertSecret: + description: TLSCertSecret is the name of the TLS Cert secret + type: string + type: object + modules: + description: + Modules is list of Container Storage Module modules you + want to deploy + items: + description: Module defines the desired state of a ContainerStorageModule + properties: + components: + description: + Components is the specification for CSM components + containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag + for the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each + controller is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials + to access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID + to access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not + to deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables + for the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: + Hostname is the authorization proxy server + hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy + for the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable + leader election + type: boolean + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the + secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization + ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: + Annotations is an unstructured key + value map that stores additional annotations for + the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for + the redis deployment + type: integer + replicaCount: + description: + ReplicaCount is the replica count for app + mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to + skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + configVersion: + description: + ConfigVersion is the configuration version of the + module + type: string + enabled: + description: + Enabled is used to indicate whether or not to deploy + a module + type: boolean + forceRemoveModule: + description: + ForceRemoveModule is the boolean flag used to remove + authorization proxy server deployment when CR is deleted + type: boolean + initContainer: + description: InitContainer is the specification for Module InitContainer + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: + AuthorizationController is the image tag + for the container + type: string + authorizationControllerReplicas: + description: + AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: + Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: + CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: + The interval which the reconcile of each + controller is run + type: string + credentials: + description: + ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: + CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: + Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: + SecretContents contains credentials + to access objectstore + properties: + aws_access_key_id: + description: + AccessKeyID is a name of key ID + to access objectstore + type: string + aws_secret_access_key: + description: + AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: + DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: + Enabled is used to indicate wether or not + to deploy a module + type: boolean + envs: + description: + Envs is the set of environment variables + for the container + items: + description: + EnvVar represents an environment variable + present in a Container. + properties: + name: + description: + Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: + Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: + Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: + Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: + "Container name: required for + volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: + Selects a key of a secret in the + pod's namespace + properties: + key: + description: + The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: + Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: + Hostname is the authorization proxy server + hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: + ImagePullPolicy is the image pull policy + for the image + type: string + kvEnginePath: + description: + kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: + LeaderElection is boolean flag to enable + leader election + type: boolean + licenseName: + description: + LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: + ObjectStoreSecretName is the name of the + secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: + PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: + ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: + ProxyServerIngress is the authorization + ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: + Annotations is an unstructured key + value map that stores additional annotations for + the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: + ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: + RedisReplicas is the number of replicas for + the redis deployment + type: integer + replicaCount: + description: + ReplicaCount is the replica count for app + mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: + RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: + skipCertificateValidation is the flag to + skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: + StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: + RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: + TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: + Tolerations is the list of tolerations for + the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: + UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: + VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + name: + description: Name is name of ContainerStorageModule modules + type: string + type: object + type: array + type: object + status: + description: + ContainerStorageModuleStatus defines the observed state of + ContainerStorageModule + properties: + controllerStatus: + description: ControllerStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + nodeStatus: + description: NodeStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: type: string type: object - type: array - type: object - status: - description: ContainerStorageModuleStatus defines the observed state of - ContainerStorageModule - properties: - controllerStatus: - description: ControllerStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - nodeStatus: - description: NodeStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the driver installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + state: + description: State is the state of the driver installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 9430b0e0c..eb45148d9 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -2,8 +2,8 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/storage.dell.com_containerstoragemodules.yaml -- bases/storage.dell.com_apexconnectivityclients.yaml + - bases/storage.dell.com_containerstoragemodules.yaml + - bases/storage.dell.com_apexconnectivityclients.yaml #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -19,4 +19,4 @@ patchesStrategicMerge: # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: -- kustomizeconfig.yaml + - kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index ec5c150a9..c1418ddee 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -1,19 +1,19 @@ # This file is for teaching kustomize how to substitute name and namespace reference in CRD nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition + - kind: Service version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false varReference: -- path: metadata/annotations + - path: metadata/annotations diff --git a/config/crd/patches/webhook_in_csms.yaml b/config/crd/patches/webhook_in_csms.yaml index 94d4ca0cd..7c3ef98af 100644 --- a/config/crd/patches/webhook_in_csms.yaml +++ b/config/crd/patches/webhook_in_csms.yaml @@ -13,4 +13,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 0c6f5220e..a83f4b1bc 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -13,10 +13,10 @@ namePrefix: dell-csm-operator- # someName: someValue bases: -- ../crd -- ../serviceaccount -- ../rbac -- ../manager + - ../crd + - ../serviceaccount + - ../rbac + - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- ../webhook @@ -26,10 +26,10 @@ bases: #- ../prometheus patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml + # Protect the /metrics endpoint by putting it behind auth. + # If you want your controller-manager to expose the /metrics + # endpoint w/o any authn/z, please comment the following line. + - manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 4e2232fa1..fafeb381a 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -9,19 +9,19 @@ spec: template: spec: containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - protocol: TCP - name: https - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + protocol: TCP + name: https + - name: manager + args: + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 6c400155c..68563ebf1 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -7,14 +7,14 @@ spec: template: spec: containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml volumes: - - name: manager-config - configMap: - name: manager-config + - name: manager-config + configMap: + name: manager-config diff --git a/config/install/kustomization.yaml b/config/install/kustomization.yaml index 531693b17..6b4d57c14 100644 --- a/config/install/kustomization.yaml +++ b/config/install/kustomization.yaml @@ -7,9 +7,9 @@ namePrefix: dell-csm-operator- # someName: someValue bases: -- ../serviceaccount -- ../rbac -- ../manager + - ../serviceaccount + - ../rbac + - ../manager images: - name: controller diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 2572bb2a3..dba370b72 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,16 +1,16 @@ resources: -- manager.yaml + - manager.yaml generatorOptions: disableNameSuffixHash: true configMapGenerator: -- files: - - controller_manager_config.yaml - name: manager-config + - files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: -- name: controller - newName: docker.io/dellemc/dell-csm-operator - newTag: v1.6.1 + - name: controller + newName: docker.io/dellemc/dell-csm-operator + newTag: v1.6.1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index b18af8bf1..9a6c35d42 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -21,87 +21,87 @@ spec: securityContext: runAsNonRoot: true containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - imagePullPolicy: Always - name: manager - env: - - value: docker.io/dellemc/dell-csm-operator:v1.6.0 - name: RELATED_IMAGE_dell-csm-operator - - value: docker.io/dellemc/csi-isilon:v2.11.0 - name: RELATED_IMAGE_csi-isilon - - value: docker.io/dellemc/csi-powermax:v2.11.0 - name: RELATED_IMAGE_csi-powermax - - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: RELATED_IMAGE_csipowermax-reverseproxy - - value: docker.io/dellemc/csi-powerstore:v2.11.1 - name: RELATED_IMAGE_csi-powerstore - - value: docker.io/dellemc/csi-unity:v2.11.1 - name: RELATED_IMAGE_csi-unity - - value: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: RELATED_IMAGE_csi-vxflexos - - value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_sdc - - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - name: RELATED_IMAGE_karavi-authorization-proxy - - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 - name: RELATED_IMAGE_dell-csi-replicator - - value: docker.io/dellemc/dell-replication-controller:v1.9.0 - name: RELATED_IMAGE_dell-replication-controller-manager - - value: docker.io/dellemc/csm-topology:v1.9.0 - name: RELATED_IMAGE_topology - - value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_otel-collector - - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - name: RELATED_IMAGE_metrics-powerscale - - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - name: RELATED_IMAGE_metrics-powermax - - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - name: RELATED_IMAGE_metrics-powerflex - - value: docker.io/dellemc/podmon:v1.10.0 - name: RELATED_IMAGE_podmon-node - - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: RELATED_IMAGE_kube-rbac-proxy - - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - name: RELATED_IMAGE_attacher - - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - name: RELATED_IMAGE_provisioner - - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - name: RELATED_IMAGE_snapshotter - - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - name: RELATED_IMAGE_registrar - - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - name: RELATED_IMAGE_resizer - - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - name: RELATED_IMAGE_externalhealthmonitorcontroller - - value: dellemc/csi-metadata-retriever:v1.8.0 - name: RELATED_IMAGE_metadataretriever - - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: RELATED_IMAGE_dell-connectivity-client - - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - name: RELATED_IMAGE_cert-persister - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 192Mi + - command: + - /manager + args: + - --leader-elect + image: controller:latest + imagePullPolicy: Always + name: manager + env: + - value: docker.io/dellemc/dell-csm-operator:v1.6.0 + name: RELATED_IMAGE_dell-csm-operator + - value: docker.io/dellemc/csi-isilon:v2.11.0 + name: RELATED_IMAGE_csi-isilon + - value: docker.io/dellemc/csi-powermax:v2.11.0 + name: RELATED_IMAGE_csi-powermax + - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + name: RELATED_IMAGE_csipowermax-reverseproxy + - value: docker.io/dellemc/csi-powerstore:v2.11.1 + name: RELATED_IMAGE_csi-powerstore + - value: docker.io/dellemc/csi-unity:v2.11.1 + name: RELATED_IMAGE_csi-unity + - value: docker.io/dellemc/csi-vxflexos:v2.11.0 + name: RELATED_IMAGE_csi-vxflexos + - value: docker.io/dellemc/sdc:4.5.2.1 + name: RELATED_IMAGE_sdc + - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + name: RELATED_IMAGE_karavi-authorization-proxy + - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 + name: RELATED_IMAGE_dell-csi-replicator + - value: docker.io/dellemc/dell-replication-controller:v1.9.0 + name: RELATED_IMAGE_dell-replication-controller-manager + - value: docker.io/dellemc/csm-topology:v1.9.0 + name: RELATED_IMAGE_topology + - value: docker.io/otel/opentelemetry-collector:0.42.0 + name: RELATED_IMAGE_otel-collector + - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + name: RELATED_IMAGE_metrics-powerscale + - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + name: RELATED_IMAGE_metrics-powermax + - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + name: RELATED_IMAGE_metrics-powerflex + - value: docker.io/dellemc/podmon:v1.10.0 + name: RELATED_IMAGE_podmon-node + - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: RELATED_IMAGE_kube-rbac-proxy + - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + name: RELATED_IMAGE_attacher + - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + name: RELATED_IMAGE_provisioner + - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + name: RELATED_IMAGE_snapshotter + - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + name: RELATED_IMAGE_registrar + - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + name: RELATED_IMAGE_resizer + - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + name: RELATED_IMAGE_externalhealthmonitorcontroller + - value: dellemc/csi-metadata-retriever:v1.8.0 + name: RELATED_IMAGE_metadataretriever + - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + name: RELATED_IMAGE_dell-connectivity-client + - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + name: RELATED_IMAGE_cert-persister + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 192Mi terminationGracePeriodSeconds: 10 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 87fa864ec..bb2b8ee06 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -2,7 +2,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: annotations: - alm-examples: '[]' + alm-examples: "[]" capabilities: Seamless Upgrades categories: Storage containerImage: docker.io/dellemc/dell-csm-operator:v1.6.1 @@ -23,1935 +23,2107 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - displayName: Apex Connectivity Client - kind: ApexConnectivityClient - name: apexconnectivityclients.storage.dell.com - specDescriptors: - - description: Common is the common specification for both controller and node - plugins - displayName: Common specification - path: client.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.common.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.common.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.common.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.common.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.common.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.common.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.common.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.common.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.common.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.common.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.common.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.common.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.common.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.common.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.common.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.common.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.common.veleroNamespace - - description: ConfigVersion is the configuration version of the client - displayName: Config Version - path: client.configVersion - - description: ConnectionTarget is the target that the client connects to in - the Dell datacenter - displayName: Connection Target - path: client.connectionTarget - - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient - displayName: Client Type - path: client.csmClientType - - description: ForceRemoveClient is the boolean flag used to remove client deployment - when CR is deleted - displayName: Force Remove Client - path: client.forceRemoveClient - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.initContainers[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.initContainers[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.initContainers[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.initContainers[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.initContainers[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.initContainers[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.initContainers[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.initContainers[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.initContainers[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.initContainers[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.initContainers[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.initContainers[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.initContainers[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.initContainers[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.initContainers[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.initContainers[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.initContainers[0].veleroNamespace - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: client.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.sideCars[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.sideCars[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.sideCars[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.sideCars[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.sideCars[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.sideCars[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.sideCars[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.sideCars[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.sideCars[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.sideCars[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.sideCars[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.sideCars[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.sideCars[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.sideCars[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.sideCars[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.sideCars[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.sideCars[0].veleroNamespace - - description: UsePrivateCaCerts is used to specify private CA signed certs - displayName: Use Private CA Certs - path: client.usePrivateCaCerts - - description: State is the state of the client installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - - description: ContainerStorageModule is the Schema for the containerstoragemodules - API - displayName: Container Storage Module - kind: ContainerStorageModule - name: containerstoragemodules.storage.dell.com - specDescriptors: - - description: AuthSecret is the name of the credentials secret for the driver - displayName: Auth Secret - path: driver.authSecret - - description: Common is the common specification for both controller and node - plugins - displayName: Common specification - path: driver.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.common.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.common.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.common.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.common.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.common.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.common.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.common.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.common.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.common.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.common.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.common.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.common.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.common.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.common.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.common.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.common.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.common.veleroNamespace - - description: ConfigVersion is the configuration version of the driver - displayName: Config Version - path: driver.configVersion - - description: Controller is the specification for Controller plugin only - displayName: Controller Specification - path: driver.controller - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.controller.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.controller.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.controller.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.controller.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.controller.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.controller.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.controller.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.controller.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.controller.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.controller.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.controller.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.controller.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.controller.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.controller.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.controller.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.controller.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.controller.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.controller.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.controller.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.controller.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.controller.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.controller.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.controller.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.controller.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.controller.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.controller.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.controller.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.controller.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.controller.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.controller.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.controller.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.controller.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.controller.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.controller.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.controller.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.controller.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.controller.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.controller.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.controller.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.controller.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.controller.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.controller.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.controller.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.controller.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.controller.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.controller.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.controller.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.controller.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.controller.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.controller.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.controller.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.controller.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.controller.veleroNamespace - - description: CSIDriverSpec is the specification for CSIDriver - displayName: CSI Driver Spec - path: driver.csiDriverSpec - - description: CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - displayName: CSI Driver Type - path: driver.csiDriverType - - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin - displayName: DNSPolicy - path: driver.dnsPolicy - - description: ForceRemoveDriver is the boolean flag used to remove driver deployment - when CR is deleted - displayName: Force Remove Driver - path: driver.forceRemoveDriver - - description: ForceUpdate is the boolean flag used to force an update of the - driver instance - displayName: Force update - path: driver.forceUpdate - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.initContainers[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.initContainers[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.initContainers[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.initContainers[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.initContainers[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.initContainers[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.initContainers[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.initContainers[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.initContainers[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.initContainers[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.initContainers[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.initContainers[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.initContainers[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.initContainers[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.initContainers[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.initContainers[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.initContainers[0].veleroNamespace - - description: Node is the specification for Node plugin only - displayName: Node specification - path: driver.node - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.node.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.node.authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.node.authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.node.certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.node.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.node.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.node.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.node.credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.node.credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.node.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.node.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.node.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.node.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.node.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.node.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.node.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.node.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.node.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.node.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.node.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.node.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.node.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.node.name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.node.nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.node.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.node.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.node.opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.node.privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.node.proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.node.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.node.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.node.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.node.proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.node.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.node.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.node.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.node.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.node.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.node.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.node.roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.node.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.node.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.node.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.node.storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.node.storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.node.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.node.tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.node.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.node.tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.node.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.node.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.node.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.node.veleroNamespace - - description: Replicas is the count of controllers for Controller plugin - displayName: Controller count - path: driver.replicas - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: driver.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.sideCars[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.sideCars[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.sideCars[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.sideCars[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.sideCars[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.sideCars[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.sideCars[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.sideCars[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.sideCars[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.sideCars[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.sideCars[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.sideCars[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.sideCars[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.sideCars[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.sideCars[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.sideCars[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.sideCars[0].veleroNamespace - - description: SnapshotClass is the specification for Snapshot Classes - displayName: Snapshot Classes - path: driver.snapshotClass - - description: Name is the name of the Snapshot Class - displayName: Snapshot Class Name - path: driver.snapshotClass[0].name - - description: Parameters is a map of driver specific parameters for snapshot - class - displayName: Snapshot Class Parameters - path: driver.snapshotClass[0].parameters - - description: TLSCertSecret is the name of the TLS Cert secret - displayName: TLSCert Secret - path: driver.tlsCertSecret - - description: Components is the specification for CSM components containers - displayName: ContainerStorageModule components specification - path: modules[0].components - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].components[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].components[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].components[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].components[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].components[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].components[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].components[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].components[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].components[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].components[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].components[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].components[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].components[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].components[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].components[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].components[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].components[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].components[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].components[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].components[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].components[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].components[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].components[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].components[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].components[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].components[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].components[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].components[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].components[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].components[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].components[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].components[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].components[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].components[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].components[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].components[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].components[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].components[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].components[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].components[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].components[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].components[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].components[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].components[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].components[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].components[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].components[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].components[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].components[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].components[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].components[0].veleroNamespace - - description: ConfigVersion is the configuration version of the module - displayName: Config Version - path: modules[0].configVersion - - description: Enabled is used to indicate whether or not to deploy a module - displayName: Enabled - path: modules[0].enabled - - description: ForceRemoveModule is the boolean flag used to remove authorization - proxy server deployment when CR is deleted - displayName: Force Remove Module - path: modules[0].forceRemoveModule - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].initContainer[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].initContainer[0].authorizationController - - description: AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].initContainer[0].authorizationControllerReplicas - - description: Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].initContainer[0].certificate - - description: CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].initContainer[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].initContainer[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].initContainer[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].initContainer[0].credentials - - description: CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].initContainer[0].credentials[0].createWithInstall - - description: Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].initContainer[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].initContainer[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].initContainer[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].initContainer[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].initContainer[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].initContainer[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].initContainer[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].initContainer[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].initContainer[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].initContainer[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].initContainer[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].initContainer[0].name - - description: NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].initContainer[0].nodeSelector - - description: ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].initContainer[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].initContainer[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].initContainer[0].opaKubeMgmt - - description: PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].initContainer[0].privateKey - - description: ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].initContainer[0].proxyServerIngress - - description: Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].initContainer[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].initContainer[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].initContainer[0].proxyService - - description: ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].initContainer[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].initContainer[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].initContainer[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].initContainer[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].initContainer[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].initContainer[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].initContainer[0].roleService - - description: RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].initContainer[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].initContainer[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].initContainer[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].initContainer[0].storageService - - description: StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].initContainer[0].storageServiceReplicas - - description: RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].initContainer[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].initContainer[0].tenantService - - description: TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].initContainer[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].initContainer[0].tolerations - - description: UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].initContainer[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].initContainer[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].initContainer[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].initContainer[0].veleroNamespace - - description: Name is name of ContainerStorageModule modules - displayName: Name - path: modules[0].name - statusDescriptors: - - description: Number of Available Controller pods - displayName: Available - path: controllerStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Controller pods - displayName: Desired - path: controllerStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Controller pods - displayName: Failed - path: controllerStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Available Node pods - displayName: Available - path: nodeStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Node pods - displayName: Desired - path: nodeStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Node pods - displayName: Failed - path: nodeStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: State is the state of the driver installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - description: "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator + - description: + ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + displayName: Apex Connectivity Client + kind: ApexConnectivityClient + name: apexconnectivityclients.storage.dell.com + specDescriptors: + - description: + Common is the common specification for both controller and node + plugins + displayName: Common specification + path: client.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.common.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.common.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.common.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.common.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.common.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.common.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.common.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.common.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.common.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.common.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.common.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.common.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.common.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.common.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.common.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.common.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.common.veleroNamespace + - description: ConfigVersion is the configuration version of the client + displayName: Config Version + path: client.configVersion + - description: + ConnectionTarget is the target that the client connects to in + the Dell datacenter + displayName: Connection Target + path: client.connectionTarget + - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient + displayName: Client Type + path: client.csmClientType + - description: + ForceRemoveClient is the boolean flag used to remove client deployment + when CR is deleted + displayName: Force Remove Client + path: client.forceRemoveClient + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.initContainers[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.initContainers[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.initContainers[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.initContainers[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.initContainers[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.initContainers[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.initContainers[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.initContainers[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.initContainers[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.initContainers[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.initContainers[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.initContainers[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.initContainers[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.initContainers[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.initContainers[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.initContainers[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.initContainers[0].veleroNamespace + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: client.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.sideCars[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.sideCars[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.sideCars[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.sideCars[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.sideCars[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.sideCars[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.sideCars[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.sideCars[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.sideCars[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.sideCars[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.sideCars[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.sideCars[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.sideCars[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.sideCars[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.sideCars[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.sideCars[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.sideCars[0].veleroNamespace + - description: UsePrivateCaCerts is used to specify private CA signed certs + displayName: Use Private CA Certs + path: client.usePrivateCaCerts + - description: State is the state of the client installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + - description: + ContainerStorageModule is the Schema for the containerstoragemodules + API + displayName: Container Storage Module + kind: ContainerStorageModule + name: containerstoragemodules.storage.dell.com + specDescriptors: + - description: AuthSecret is the name of the credentials secret for the driver + displayName: Auth Secret + path: driver.authSecret + - description: + Common is the common specification for both controller and node + plugins + displayName: Common specification + path: driver.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.common.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.common.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.common.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.common.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.common.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.common.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.common.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.common.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.common.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.common.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.common.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.common.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.common.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.common.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.common.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.common.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.common.veleroNamespace + - description: ConfigVersion is the configuration version of the driver + displayName: Config Version + path: driver.configVersion + - description: Controller is the specification for Controller plugin only + displayName: Controller Specification + path: driver.controller + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.controller.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.controller.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.controller.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.controller.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.controller.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.controller.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.controller.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.controller.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.controller.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.controller.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.controller.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.controller.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.controller.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.controller.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.controller.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.controller.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.controller.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.controller.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.controller.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.controller.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.controller.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.controller.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.controller.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.controller.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.controller.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.controller.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.controller.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.controller.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.controller.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.controller.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.controller.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.controller.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.controller.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.controller.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.controller.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.controller.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.controller.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.controller.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.controller.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.controller.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.controller.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.controller.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.controller.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.controller.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.controller.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.controller.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.controller.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.controller.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.controller.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.controller.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.controller.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.controller.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.controller.veleroNamespace + - description: CSIDriverSpec is the specification for CSIDriver + displayName: CSI Driver Spec + path: driver.csiDriverSpec + - description: + CSIDriverType is the CSI Driver type for Dell Technologies - + e.g, powermax, powerflex,... + displayName: CSI Driver Type + path: driver.csiDriverType + - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin + displayName: DNSPolicy + path: driver.dnsPolicy + - description: + ForceRemoveDriver is the boolean flag used to remove driver deployment + when CR is deleted + displayName: Force Remove Driver + path: driver.forceRemoveDriver + - description: + ForceUpdate is the boolean flag used to force an update of the + driver instance + displayName: Force update + path: driver.forceUpdate + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.initContainers[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.initContainers[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.initContainers[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.initContainers[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.initContainers[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.initContainers[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.initContainers[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.initContainers[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.initContainers[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.initContainers[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.initContainers[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.initContainers[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.initContainers[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.initContainers[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.initContainers[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.initContainers[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.initContainers[0].veleroNamespace + - description: Node is the specification for Node plugin only + displayName: Node specification + path: driver.node + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.node.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.node.authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.node.authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.node.certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.node.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.node.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.node.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.node.credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.node.credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.node.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.node.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.node.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.node.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.node.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.node.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.node.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.node.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.node.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.node.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.node.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.node.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.node.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.node.name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.node.nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.node.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.node.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.node.opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.node.privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.node.proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.node.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.node.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.node.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.node.proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.node.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.node.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.node.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.node.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.node.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.node.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.node.roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.node.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.node.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.node.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.node.storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.node.storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.node.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.node.tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.node.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.node.tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.node.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.node.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.node.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.node.veleroNamespace + - description: Replicas is the count of controllers for Controller plugin + displayName: Controller count + path: driver.replicas + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: driver.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.sideCars[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.sideCars[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.sideCars[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.sideCars[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.sideCars[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.sideCars[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.sideCars[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.sideCars[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.sideCars[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.sideCars[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.sideCars[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.sideCars[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.sideCars[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.sideCars[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.sideCars[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.sideCars[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.sideCars[0].veleroNamespace + - description: SnapshotClass is the specification for Snapshot Classes + displayName: Snapshot Classes + path: driver.snapshotClass + - description: Name is the name of the Snapshot Class + displayName: Snapshot Class Name + path: driver.snapshotClass[0].name + - description: + Parameters is a map of driver specific parameters for snapshot + class + displayName: Snapshot Class Parameters + path: driver.snapshotClass[0].parameters + - description: TLSCertSecret is the name of the TLS Cert secret + displayName: TLSCert Secret + path: driver.tlsCertSecret + - description: Components is the specification for CSM components containers + displayName: ContainerStorageModule components specification + path: modules[0].components + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].components[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].components[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].components[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].components[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].components[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].components[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].components[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].components[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].components[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].components[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].components[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].components[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].components[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].components[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].components[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].components[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].components[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].components[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].components[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].components[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].components[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].components[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].components[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].components[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].components[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].components[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].components[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].components[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].components[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].components[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].components[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].components[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].components[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].components[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].components[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].components[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].components[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].components[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].components[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].components[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].components[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].components[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].components[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].components[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].components[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].components[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].components[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].components[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].components[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].components[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].components[0].veleroNamespace + - description: ConfigVersion is the configuration version of the module + displayName: Config Version + path: modules[0].configVersion + - description: Enabled is used to indicate whether or not to deploy a module + displayName: Enabled + path: modules[0].enabled + - description: + ForceRemoveModule is the boolean flag used to remove authorization + proxy server deployment when CR is deleted + displayName: Force Remove Module + path: modules[0].forceRemoveModule + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].initContainer[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].initContainer[0].authorizationController + - description: + AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].initContainer[0].authorizationControllerReplicas + - description: + Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].initContainer[0].certificate + - description: + CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].initContainer[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].initContainer[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].initContainer[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].initContainer[0].credentials + - description: + CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].initContainer[0].credentials[0].createWithInstall + - description: + Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].initContainer[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].initContainer[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].initContainer[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].initContainer[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].initContainer[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].initContainer[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].initContainer[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].initContainer[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].initContainer[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].initContainer[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].initContainer[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].initContainer[0].name + - description: + NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].initContainer[0].nodeSelector + - description: + ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].initContainer[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].initContainer[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].initContainer[0].opaKubeMgmt + - description: + PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].initContainer[0].privateKey + - description: + ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].initContainer[0].proxyServerIngress + - description: + Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].initContainer[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].initContainer[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].initContainer[0].proxyService + - description: + ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].initContainer[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].initContainer[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].initContainer[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].initContainer[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].initContainer[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].initContainer[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].initContainer[0].roleService + - description: + RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].initContainer[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].initContainer[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].initContainer[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].initContainer[0].storageService + - description: + StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].initContainer[0].storageServiceReplicas + - description: + RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].initContainer[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].initContainer[0].tenantService + - description: + TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].initContainer[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].initContainer[0].tolerations + - description: + UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].initContainer[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].initContainer[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].initContainer[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].initContainer[0].veleroNamespace + - description: Name is name of ContainerStorageModule modules + displayName: Name + path: modules[0].name + statusDescriptors: + - description: Number of Available Controller pods + displayName: Available + path: controllerStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Controller pods + displayName: Desired + path: controllerStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Controller pods + displayName: Failed + path: controllerStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Available Node pods + displayName: Available + path: nodeStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Node pods + displayName: Desired + path: nodeStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Node pods + displayName: Failed + path: nodeStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: State is the state of the driver installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + description: + "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator which can be \nused to install and manage Dell’s CSI drivers and CSM modules. \nBy using Dell CSM Operator, enterprises can quickly and easily deploy the \nCSM modules for CSI drivers making it easy for DevOps \nteams to build and optimize @@ -1980,98 +2152,98 @@ spec: Solution Brief](https://www.delltechnologies.com/asset/en-us/products/storage/briefs-summaries/h17893-dellemc-storage-for-containers-kubernetes-csi-so.pdf)\n" displayName: Dell Container Storage Modules icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC - mediatype: image/png + - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC + mediatype: image/png install: spec: deployments: null strategy: "" installModes: - - supported: true - type: OwnNamespace - - supported: true - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces keywords: - - Dell Container Storage Modules - - Dell CSI Driver - - Dell CSM Modules - - Powerflex - - Powerscale - - Powerstore - - Unity - - Authorization - - Observability - - Replication + - Dell Container Storage Modules + - Dell CSI Driver + - Dell CSM Modules + - Powerflex + - Powerscale + - Powerstore + - Unity + - Authorization + - Observability + - Replication links: - - name: Documentation - url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ + - name: Documentation + url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ maintainers: - - email: container.storage.modules@dell.com - name: Dell Container Storage Modules + - email: container.storage.modules@dell.com + name: Dell Container Storage Modules maturity: stable minKubeVersion: 1.28.0 provider: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: docker.io/dellemc/dell-csm-operator:v1.6.1 - name: dell-csm-operator - - image: docker.io/dellemc/csi-isilon:v2.11.0 - name: csi-isilon - - image: docker.io/dellemc/csi-powermax:v2.11.0 - name: csi-powermax - - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.11.1 - name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.11.1 - name: csi-unity - - image: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: csi-vxflexos - - image: docker.io/dellemc/sdc:4.5.2.1 - name: sdc - - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - name: karavi-authorization-proxy - - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 - name: dell-csi-replicator - - image: docker.io/dellemc/dell-replication-controller:v1.9.0 - name: dell-replication-controller-manager - - image: docker.io/dellemc/csm-topology:v1.9.0 - name: topology - - image: docker.io/otel/opentelemetry-collector:0.42.0 - name: otel-collector - - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - name: metrics-powerscale - - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - name: metrics-powermax - - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - name: metrics-powerflex - - image: docker.io/dellemc/podmon:v1.10.0 - name: podmon-node - - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - name: attacher - - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - name: provisioner - - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - name: snapshotter - - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - name: registrar - - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - name: resizer - - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - name: externalhealthmonitorcontroller - - image: dellemc/csi-metadata-retriever:v1.8.0 - name: metadataretriever - - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: dell-connectivity-client - - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - name: cert-persister + - image: docker.io/dellemc/dell-csm-operator:v1.6.1 + name: dell-csm-operator + - image: docker.io/dellemc/csi-isilon:v2.11.0 + name: csi-isilon + - image: docker.io/dellemc/csi-powermax:v2.11.0 + name: csi-powermax + - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + name: csipowermax-reverseproxy + - image: docker.io/dellemc/csi-powerstore:v2.11.1 + name: csi-powerstore + - image: docker.io/dellemc/csi-unity:v2.11.1 + name: csi-unity + - image: docker.io/dellemc/csi-vxflexos:v2.11.0 + name: csi-vxflexos + - image: docker.io/dellemc/sdc:4.5.2.1 + name: sdc + - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + name: karavi-authorization-proxy + - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 + name: dell-csi-replicator + - image: docker.io/dellemc/dell-replication-controller:v1.9.0 + name: dell-replication-controller-manager + - image: docker.io/dellemc/csm-topology:v1.9.0 + name: topology + - image: docker.io/otel/opentelemetry-collector:0.42.0 + name: otel-collector + - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + name: metrics-powerscale + - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + name: metrics-powermax + - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + name: metrics-powerflex + - image: docker.io/dellemc/podmon:v1.10.0 + name: podmon-node + - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + name: attacher + - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + name: provisioner + - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + name: snapshotter + - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + name: registrar + - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + name: resizer + - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + name: externalhealthmonitorcontroller + - image: dellemc/csi-metadata-retriever:v1.8.0 + name: metadataretriever + - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + name: dell-connectivity-client + - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + name: cert-persister skips: - - dell-csm-operator.v1.5.1 + - dell-csm-operator.v1.5.1 version: 1.6.1 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index ad5795edc..54dbdceba 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,11 +1,10 @@ # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: -- bases/dell-csm-operator.clusterserviceversion.yaml -- ../default -- ../samples -- ../scorecard - + - bases/dell-csm-operator.clusterserviceversion.yaml + - ../default + - ../samples + - ../scorecard # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. # These patches remove the unnecessary "cert" volume and its manager container volumeMount. diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168a..d556b996a 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,2 @@ resources: -- monitor.yaml + - monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae7..6812d4d5e 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,4 +1,3 @@ - # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/config/rbac/application_mobility_clusterrole.yaml b/config/rbac/application_mobility_clusterrole.yaml index 346ae33d8..e66c1ee02 100644 --- a/config/rbac/application_mobility_clusterrole.yaml +++ b/config/rbac/application_mobility_clusterrole.yaml @@ -3,9 +3,9 @@ kind: ClusterRole metadata: name: application-mobility-velero-server rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' \ No newline at end of file + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" diff --git a/config/rbac/application_mobility_role_binding.yaml b/config/rbac/application_mobility_role_binding.yaml index 1b44c677f..3f7c3b5c1 100644 --- a/config/rbac/application_mobility_role_binding.yaml +++ b/config/rbac/application_mobility_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: application-mobility-velero-server subjects: -- kind: ServiceAccount - name: dell-csm-operator-manager-service-account - namespace: dell-csm-operator \ No newline at end of file + - kind: ServiceAccount + name: dell-csm-operator-manager-service-account + namespace: dell-csm-operator diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 51a75db47..07f438293 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -3,7 +3,7 @@ kind: ClusterRole metadata: name: metrics-reader rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get + - nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 80e1857c5..2e55d6aea 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -3,15 +3,15 @@ kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4b8..076aa4d4d 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: proxy-role subjects: -- kind: ServiceAccount - name: default - namespace: system + - kind: ServiceAccount + name: default + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 71f179727..7fa7a0104 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -7,9 +7,9 @@ metadata: namespace: system spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager diff --git a/config/rbac/csm_editor_role.yaml b/config/rbac/csm_editor_role.yaml index d6bf406c1..cb388f62d 100644 --- a/config/rbac/csm_editor_role.yaml +++ b/config/rbac/csm_editor_role.yaml @@ -4,21 +4,21 @@ kind: ClusterRole metadata: name: containerstoragemodule-editor-role rules: -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get diff --git a/config/rbac/csm_viewer_role.yaml b/config/rbac/csm_viewer_role.yaml index 0cff6342a..f378d00ae 100644 --- a/config/rbac/csm_viewer_role.yaml +++ b/config/rbac/csm_viewer_role.yaml @@ -4,17 +4,17 @@ kind: ClusterRole metadata: name: containerstoragemodule-viewer-role rules: -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - get - - list - - watch -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - get + - list + - watch + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index e0bffb4d4..1017df028 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,20 +1,20 @@ resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml + # All RBAC will be applied under this service account in + # the deployment namespace. You may comment out this resource + # if your manager will use a service account that exists at + # runtime. Be sure to update RoleBinding and ClusterRoleBinding + # subjects if changing service account names. + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + # Comment the following 4 lines if you want to disable + # the auth proxy (https://github.com/brancz/kube-rbac-proxy) + # which protects your /metrics endpoint. + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml -- application_mobility_clusterrole.yaml -- application_mobility_role_binding.yaml + - application_mobility_clusterrole.yaml + - application_mobility_role_binding.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 4190ec805..9221419fa 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -4,34 +4,34 @@ kind: Role metadata: name: leader-election-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index eed16906f..14f48991f 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: Role name: leader-election-role subjects: -- kind: ServiceAccount - name: default - namespace: system + - kind: ServiceAccount + name: default + namespace: system diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b64fc8865..dde44c600 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -4,1138 +4,1138 @@ kind: ClusterRole metadata: name: manager-role rules: -- nonResourceURLs: - - /metrics - verbs: - - get -- apiGroups: - - "" - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update -- apiGroups: - - "" - resourceNames: - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - ingresses - - persistentvolumeclaims - - pods - - roles - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - '*' -- apiGroups: - - "" - resourceNames: - - dell-csm-operator-controller-manager - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - update - - watch -- apiGroups: - - '*' - resourceNames: - - application-mobility-velero-server - resources: - - '*' - verbs: - - '*' -- apiGroups: - - acme.cert-manager.io - resources: - - '*/*' - verbs: - - '*' -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - patch - - update -- apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - patch - - watch -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - update - - watch -- apiGroups: - - apiregistration.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - update - - watch -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - auditregistration.k8s.io - resources: - - auditsinks - verbs: - - get - - list - - update - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - list - - update - - watch -- apiGroups: - - cert-manager.io - resources: - - '*/*' - verbs: - - '*' -- apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - clusterissuers - - issuers - verbs: - - '*' -- apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - certificaterequests/finalizers - - certificates/finalizers - verbs: - - update -- apiGroups: - - cert-manager.io - resources: - - certificaterequests/status - - certificates/status - verbs: - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cert-manager.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - configmaps - verbs: - - get - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cert-manager.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - approve -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - update - - watch -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - patch - - update -- apiGroups: - - certificates.k8s.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - sign -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - patch - - update -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - patch - - update -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - verbs: - - create - - delete - - patch - - update - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - - csmtenants - - storages - verbs: - - get - - list -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/finalizers - verbs: - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/status - verbs: - - get - - patch - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants - verbs: - - create - - delete - - patch - - update - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/finalizers - verbs: - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/status - verbs: - - get - - patch - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages - verbs: - - create - - delete - - patch - - update - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/finalizers - verbs: - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - '*' -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - list - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - replicasets - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update -- apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create -- apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - - volumesnapshotcontents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/finalizers - verbs: - - update -- apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/finalizers - verbs: - - update -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - create - - get - - list - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch -- apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - - dellcsivolumegroupsnapshots/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - "" + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - ingresses + - persistentvolumeclaims + - pods + - roles + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - "*" + - apiGroups: + - "" + resourceNames: + - dell-csm-operator-controller-manager + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - update + - watch + - apiGroups: + - "*" + resourceNames: + - application-mobility-velero-server + resources: + - "*" + verbs: + - "*" + - apiGroups: + - acme.cert-manager.io + resources: + - "*/*" + verbs: + - "*" + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update + - apiGroups: + - acme.cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - patch + - update + - apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - patch + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - update + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - update + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - auditregistration.k8s.io + resources: + - auditsinks + verbs: + - get + - list + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - list + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - "*/*" + verbs: + - "*" + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - clusterissuers + - issuers + verbs: + - "*" + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/finalizers + - certificates/finalizers + verbs: + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + - certificates/status + verbs: + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - approve + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - update + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - patch + - update + - apiGroups: + - certificates.k8s.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - sign + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-controller + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + - csmtenants + - storages + verbs: + - get + - list + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + - httproutes/finalizers + verbs: + - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - "*" + - apiGroups: + - networking.k8s.io + resources: + - ingresses/finalizers + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - replicasets + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + - volumesnapshotcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + - dellcsivolumegroupsnapshots/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index c381046f5..a97ace9bb 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: manager-role subjects: -- kind: ServiceAccount - name: manager-service-account - namespace: default + - kind: ServiceAccount + name: manager-service-account + namespace: default diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 19b8a43f5..0d8ca0545 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -6,4 +6,4 @@ resources: - storage_v1_csm_unity.yaml - storage_v1_csm_powermax.yaml - storage_v1_csm_connectivity_client.yaml -#+kubebuilder:scaffold:manifestskustomizesamples \ No newline at end of file +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index 16d8d2d89..724382897 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -111,7 +111,7 @@ spec: value: "false" # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: + # Default Value: - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS value: # nodeSelector: Define node selection constraints for controller pods. diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index 192c2d6d4..2936c4890 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -70,15 +70,15 @@ spec: # ssl authentication. (unity-cert-0..unity-cert-n) # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false # Allowed values: n, where n > 0 - # Default value: None + # Default value: None - name: CERT_SECRET_COUNT value: "1" # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate # Allowed values: # true: skip Unisphere API server's certificate verification - # false: verify Unisphere API server's certificates - # Default value: true + # false: verify Unisphere API server's certificates + # Default value: true - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION value: "true" sideCars: diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml index c77047841..707a5c25f 100644 --- a/config/scorecard/bases/config.yaml +++ b/config/scorecard/bases/config.yaml @@ -3,5 +3,5 @@ kind: Configuration metadata: name: config stages: -- parallel: true - tests: [] + - parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index 50cd2d084..ee7181bb3 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -1,16 +1,16 @@ resources: -- bases/config.yaml + - bases/config.yaml patchesJson6902: -- path: patches/basic.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config -- path: patches/olm.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config + - path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config + - path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config #+kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index ebd7145ca..d133b88ac 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -2,8 +2,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - basic-check-spec + - scorecard-test + - basic-check-spec image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: basic diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index 79b4a634c..ec284ba16 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -2,8 +2,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-bundle-validation + - scorecard-test + - olm-bundle-validation image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -12,8 +12,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-validation + - scorecard-test + - olm-crds-have-validation image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -22,8 +22,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-resources + - scorecard-test + - olm-crds-have-resources image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -32,8 +32,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-spec-descriptors + - scorecard-test + - olm-spec-descriptors image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -42,8 +42,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-status-descriptors + - scorecard-test + - olm-status-descriptors image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm diff --git a/config/serviceaccount/kustomization.yaml b/config/serviceaccount/kustomization.yaml index 310109dd7..59fb7a6d1 100644 --- a/config/serviceaccount/kustomization.yaml +++ b/config/serviceaccount/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: system resources: - - ./serviceaccount.yaml \ No newline at end of file + - ./serviceaccount.yaml diff --git a/deploy/crds/storage.dell.com.crds.all.yaml b/deploy/crds/storage.dell.com.crds.all.yaml index 69726d5e1..8c262bf43 100644 --- a/deploy/crds/storage.dell.com.crds.all.yaml +++ b/deploy/crds/storage.dell.com.crds.all.yaml @@ -11,388 +11,56 @@ spec: listKind: ApexConnectivityClientList plural: apexconnectivityclients shortNames: - - acc + - acc singular: apexconnectivityclient scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of Client - jsonPath: .spec.client.csmClientType - name: CSMClientType - type: string - - description: Version of Apex client - jsonPath: .spec.client.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient - properties: - client: - description: Client is a Apex Connectivity Client for Dell Technologies - properties: - common: - description: Common is the common specification for both controller and node plugins - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - configVersion: - description: ConfigVersion is the configuration version of the client - type: string - connectionTarget: - description: ConnectionTarget is the target that the client connects to in the Dell datacenter - type: string - csmClientType: - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient - type: string - forceRemoveClient: - description: ForceRemoveClient is the boolean flag used to remove client deployment when CR is deleted - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of Client + jsonPath: .spec.client.csmClientType + name: CSMClientType + type: string + - description: Version of Apex client + jsonPath: .spec.client.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ApexConnectivityClient is the Schema for the ApexConnectivityClient API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient + properties: + client: + description: Client is a Apex Connectivity Client for Dell Technologies + properties: + common: + description: Common is the common specification for both controller and node plugins properties: args: description: Args is the set of arguments for the container @@ -485,7 +153,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -500,7 +168,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -509,20 +177,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: "Container name: required for volumes, optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -541,12 +209,12 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: @@ -709,1083 +377,754 @@ spec: description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: + configVersion: + description: ConfigVersion is the configuration version of the client + type: string + connectionTarget: + description: ConnectionTarget is the target that the client connects to in the Dell datacenter + type: string + csmClientType: + description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient + type: string + forceRemoveClient: + description: ForceRemoveClient is the boolean flag used to remove client deployment when CR is deleted + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - type: array - usePrivateCaCerts: - description: UsePrivateCaCerts is used to specify private CA signed certs - type: boolean - type: object - type: object - status: - description: ApexConnectivityClientStatus defines the observed state of ApexConnectivityClient - properties: - clientStatus: - description: ClientStatus is the status of Client pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the client installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - name: containerstoragemodules.storage.dell.com -spec: - group: storage.dell.com - names: - kind: ContainerStorageModule - listKind: ContainerStorageModuleList - plural: containerstoragemodules - shortNames: - - csm - singular: containerstoragemodule - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of CSIDriver - jsonPath: .spec.driver.csiDriverType - name: CSIDriverType - type: string - - description: Version of CSIDriver - jsonPath: .spec.driver.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ContainerStorageModule is the Schema for the containerstoragemodules API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule - properties: - driver: - description: Driver is a CSI Drivers for Dell Technologies - properties: - authSecret: - description: AuthSecret is the name of the credentials secret for the driver - type: string - common: - description: Common is the common specification for both controller and node plugins - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. + secretContents: + description: SecretContents contains credentials to access objectstore properties: - key: - description: The key to select. + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? + aws_secret_access_key: + description: AccessKey contains the key to access objectstore type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - configVersion: - description: ConfigVersion is the configuration version of the driver - type: string - controller: - description: Controller is the specification for Controller plugin only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: - key: - description: The key to select. - type: string - name: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress + required: + - name type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - csiDriverSpec: - description: CSIDriverSpec is the specification for CSIDriver - properties: - fSGroupPolicy: - type: string - storageCapacity: - type: boolean - type: object - csiDriverType: - description: CSIDriverType is the CSI Driver type for Dell Technologies - e.g, powermax, powerflex,... - type: string - dnsPolicy: - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin - type: string - forceRemoveDriver: - description: ForceRemoveDriver is the boolean flag used to remove driver deployment when CR is deleted - type: boolean - forceUpdate: - description: ForceUpdate is the boolean flag used to force an update of the driver instance - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + usePrivateCaCerts: + description: UsePrivateCaCerts is used to specify private CA signed certs + type: boolean + type: object + type: object + status: + description: ApexConnectivityClientStatus defines the observed state of ApexConnectivityClient + properties: + clientStatus: + description: ClientStatus is the status of Client pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the client installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: containerstoragemodules.storage.dell.com +spec: + group: storage.dell.com + names: + kind: ContainerStorageModule + listKind: ContainerStorageModuleList + plural: containerstoragemodules + shortNames: + - csm + singular: containerstoragemodule + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of CSIDriver + jsonPath: .spec.driver.csiDriverType + name: CSIDriverType + type: string + - description: Version of CSIDriver + jsonPath: .spec.driver.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ContainerStorageModule is the Schema for the containerstoragemodules API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule + properties: + driver: + description: Driver is a CSI Drivers for Dell Technologies + properties: + authSecret: + description: AuthSecret is the name of the credentials secret for the driver + type: string + common: + description: Common is the common specification for both controller and node plugins properties: args: description: Args is the set of arguments for the container @@ -1878,7 +1217,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1893,7 +1232,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1902,20 +1241,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: "Container name: required for volumes, optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -1934,12 +1273,12 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: @@ -2102,333 +1441,11 @@ spec: description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - node: - description: Node is the specification for Node plugin only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - replicas: - description: Replicas is the count of controllers for Controller plugin - format: int32 - type: integer - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template + configVersion: + description: ConfigVersion is the configuration version of the driver + type: string + controller: + description: Controller is the specification for Controller plugin only properties: args: description: Args is the set of arguments for the container @@ -2521,7 +1538,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -2536,7 +1553,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -2545,20 +1562,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: "Container name: required for volumes, optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -2577,12 +1594,12 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: @@ -2745,33 +1762,28 @@ spec: description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - type: array - snapshotClass: - description: SnapshotClass is the specification for Snapshot Classes - items: - description: SnapshotClass struct + csiDriverSpec: + description: CSIDriverSpec is the specification for CSIDriver properties: - name: - description: Name is the name of the Snapshot Class + fSGroupPolicy: type: string - parameters: - additionalProperties: - type: string - description: Parameters is a map of driver specific parameters for snapshot class - type: object + storageCapacity: + type: boolean type: object - type: array - tlsCertSecret: - description: TLSCertSecret is the name of the TLS Cert secret - type: string - type: object - modules: - description: Modules is list of Container Storage Module modules you want to deploy - items: - description: Module defines the desired state of a ContainerStorageModule - properties: - components: - description: Components is the specification for CSM components containers + csiDriverType: + description: CSIDriverType is the CSI Driver type for Dell Technologies - e.g, powermax, powerflex,... + type: string + dnsPolicy: + description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin + type: string + forceRemoveDriver: + description: ForceRemoveDriver is the boolean flag used to remove driver deployment when CR is deleted + type: boolean + forceUpdate: + description: ForceUpdate is the boolean flag used to force an update of the driver instance + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers items: description: ContainerTemplate template properties: @@ -2866,7 +1878,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -2881,7 +1893,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -2890,20 +1902,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: "Container name: required for volumes, optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -2922,186 +1934,499 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: description: Hostname is the authorization proxy server hostname type: string - image: - description: Image is the image tag for the Container + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image + redisName: + description: RedisName is the name of the redis statefulset type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility + storageService: + description: StorageService is the image tag for the Container type: string - name: - description: Name is the name of Container + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + node: + description: Node is the specification for Node plugin only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - type: array - configVersion: - description: ConfigVersion is the configuration version of the module - type: string - enabled: - description: Enabled is used to indicate whether or not to deploy a module - type: boolean - forceRemoveModule: - description: ForceRemoveModule is the boolean flag used to remove authorization proxy server deployment when CR is deleted - type: boolean - initContainer: - description: InitContainer is the specification for Module InitContainer + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + replicas: + description: Replicas is the count of controllers for Controller plugin + format: int32 + type: integer + sideCars: + description: SideCars is the specification for CSI sidecar containers items: description: ContainerTemplate template properties: @@ -3196,7 +2521,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -3211,7 +2536,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -3220,20 +2545,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: 'Container name: required for volumes, optional for env vars' + description: "Container name: required for volumes, optional for env vars" type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' + description: "Required: resource to select" type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -3252,12 +2577,12 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: @@ -3421,41 +2746,716 @@ spec: type: string type: object type: array - name: - description: Name is name of ContainerStorageModule modules + snapshotClass: + description: SnapshotClass is the specification for Snapshot Classes + items: + description: SnapshotClass struct + properties: + name: + description: Name is the name of the Snapshot Class + type: string + parameters: + additionalProperties: + type: string + description: Parameters is a map of driver specific parameters for snapshot class + type: object + type: object + type: array + tlsCertSecret: + description: TLSCertSecret is the name of the TLS Cert secret + type: string + type: object + modules: + description: Modules is list of Container Storage Module modules you want to deploy + items: + description: Module defines the desired state of a ContainerStorageModule + properties: + components: + description: Components is the specification for CSM components containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + configVersion: + description: ConfigVersion is the configuration version of the module + type: string + enabled: + description: Enabled is used to indicate whether or not to deploy a module + type: boolean + forceRemoveModule: + description: ForceRemoveModule is the boolean flag used to remove authorization proxy server deployment when CR is deleted + type: boolean + initContainer: + description: InitContainer is the specification for Module InitContainer + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container name: required for volumes, optional for env vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: resource to select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + name: + description: Name is name of ContainerStorageModule modules + type: string + type: object + type: array + type: object + status: + description: ContainerStorageModuleStatus defines the observed state of ContainerStorageModule + properties: + controllerStatus: + description: ControllerStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + nodeStatus: + description: NodeStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: type: string type: object - type: array - type: object - status: - description: ContainerStorageModuleStatus defines the observed state of ContainerStorageModule - properties: - controllerStatus: - description: ControllerStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - nodeStatus: - description: NodeStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the driver installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + state: + description: State is the state of the driver installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 3dd1525b7..fc1cffdca 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -12,1218 +12,1218 @@ metadata: name: dell-csm-operator-leader-election-role namespace: dell-csm-operator rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-application-mobility-velero-server rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-manager-role rules: -- nonResourceURLs: - - /metrics - verbs: - - get -- apiGroups: - - "" - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update -- apiGroups: - - "" - resourceNames: - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - ingresses - - persistentvolumeclaims - - pods - - roles - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - '*' -- apiGroups: - - "" - resourceNames: - - dell-csm-operator-controller-manager - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - update - - watch -- apiGroups: - - '*' - resourceNames: - - application-mobility-velero-server - resources: - - '*' - verbs: - - '*' -- apiGroups: - - acme.cert-manager.io - resources: - - '*/*' - verbs: - - '*' -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update -- apiGroups: - - acme.cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - patch - - update -- apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - patch - - watch -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - update - - watch -- apiGroups: - - apiregistration.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - update - - watch -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - auditregistration.k8s.io - resources: - - auditsinks - verbs: - - get - - list - - update - - watch -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - list - - update - - watch -- apiGroups: - - cert-manager.io - resources: - - '*/*' - verbs: - - '*' -- apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - clusterissuers - - issuers - verbs: - - '*' -- apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - certificaterequests/finalizers - - certificates/finalizers - verbs: - - update -- apiGroups: - - cert-manager.io - resources: - - certificaterequests/status - - certificates/status - verbs: - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cert-manager.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - configmaps - verbs: - - get - - patch - - update -- apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - cert-manager.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - approve -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - update - - watch -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - patch - - update -- apiGroups: - - certificates.k8s.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - sign -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - patch - - update -- apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - patch - - update -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - verbs: - - create - - delete - - patch - - update - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - - csmtenants - - storages - verbs: - - get - - list -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/finalizers - verbs: - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/status - verbs: - - get - - patch - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants - verbs: - - create - - delete - - patch - - update - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/finalizers - verbs: - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/status - verbs: - - get - - patch - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages - verbs: - - create - - delete - - patch - - update - - watch -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/finalizers - verbs: - - update -- apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/status - verbs: - - get - - patch - - update -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch -- apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update -- apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - '*' -- apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - list - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - replicasets - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update -- apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create -- apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - - volumesnapshotcontents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/finalizers - verbs: - - update -- apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/finalizers - verbs: - - update -- apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - create - - get - - list - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch -- apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - - dellcsivolumegroupsnapshots/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - "" + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - ingresses + - persistentvolumeclaims + - pods + - roles + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - "*" + - apiGroups: + - "" + resourceNames: + - dell-csm-operator-controller-manager + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - update + - watch + - apiGroups: + - "*" + resourceNames: + - application-mobility-velero-server + resources: + - "*" + verbs: + - "*" + - apiGroups: + - acme.cert-manager.io + resources: + - "*/*" + verbs: + - "*" + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update + - apiGroups: + - acme.cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - patch + - update + - apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - patch + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - update + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - update + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - auditregistration.k8s.io + resources: + - auditsinks + verbs: + - get + - list + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - list + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - "*/*" + verbs: + - "*" + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - clusterissuers + - issuers + verbs: + - "*" + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/finalizers + - certificates/finalizers + verbs: + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + - certificates/status + verbs: + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - approve + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - update + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - patch + - update + - apiGroups: + - certificates.k8s.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - sign + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-controller + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + - csmtenants + - storages + verbs: + - get + - list + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + - httproutes/finalizers + verbs: + - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - "*" + - apiGroups: + - networking.k8s.io + resources: + - ingresses/finalizers + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - replicasets + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + - volumesnapshotcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + - dellcsivolumegroupsnapshots/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -1235,9 +1235,9 @@ roleRef: kind: Role name: dell-csm-operator-leader-election-role subjects: -- kind: ServiceAccount - name: default - namespace: dell-csm-operator + - kind: ServiceAccount + name: default + namespace: dell-csm-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1248,9 +1248,9 @@ roleRef: kind: ClusterRole name: dell-csm-operator-application-mobility-velero-server subjects: -- kind: ServiceAccount - name: dell-csm-operator-manager-service-account - namespace: dell-csm-operator + - kind: ServiceAccount + name: dell-csm-operator-manager-service-account + namespace: dell-csm-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1261,9 +1261,9 @@ roleRef: kind: ClusterRole name: dell-csm-operator-manager-role subjects: -- kind: ServiceAccount - name: dell-csm-operator-manager-service-account - namespace: dell-csm-operator + - kind: ServiceAccount + name: dell-csm-operator-manager-service-account + namespace: dell-csm-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1274,9 +1274,9 @@ roleRef: kind: ClusterRole name: dell-csm-operator-proxy-role subjects: -- kind: ServiceAccount - name: default - namespace: dell-csm-operator + - kind: ServiceAccount + name: default + namespace: dell-csm-operator --- apiVersion: v1 data: @@ -1306,10 +1306,10 @@ metadata: namespace: dell-csm-operator spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager --- @@ -1333,89 +1333,89 @@ spec: control-plane: controller-manager spec: containers: - - args: - - --leader-elect - command: - - /manager - env: - - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.6.1 - - name: RELATED_IMAGE_csi-isilon - value: docker.io/dellemc/csi-isilon:v2.11.0 - - name: RELATED_IMAGE_csi-powermax - value: docker.io/dellemc/csi-powermax:v2.11.0 - - name: RELATED_IMAGE_csipowermax-reverseproxy - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.11.1 - - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.11.1 - - name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/csi-vxflexos:v2.11.0 - - name: RELATED_IMAGE_sdc - value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_karavi-authorization-proxy - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - - name: RELATED_IMAGE_dell-csi-replicator - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 - - name: RELATED_IMAGE_dell-replication-controller-manager - value: docker.io/dellemc/dell-replication-controller:v1.9.0 - - name: RELATED_IMAGE_topology - value: docker.io/dellemc/csm-topology:v1.9.0 - - name: RELATED_IMAGE_otel-collector - value: docker.io/otel/opentelemetry-collector:0.42.0 - - name: RELATED_IMAGE_metrics-powerscale - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - - name: RELATED_IMAGE_metrics-powermax - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - - name: RELATED_IMAGE_metrics-powerflex - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - - name: RELATED_IMAGE_podmon-node - value: docker.io/dellemc/podmon:v1.10.0 - - name: RELATED_IMAGE_kube-rbac-proxy - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - - name: RELATED_IMAGE_attacher - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - - name: RELATED_IMAGE_provisioner - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - - name: RELATED_IMAGE_snapshotter - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - - name: RELATED_IMAGE_registrar - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - - name: RELATED_IMAGE_resizer - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - - name: RELATED_IMAGE_externalhealthmonitorcontroller - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - - name: RELATED_IMAGE_metadataretriever - value: dellemc/csi-metadata-retriever:v1.8.0 - - name: RELATED_IMAGE_dell-connectivity-client - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - - name: RELATED_IMAGE_cert-persister - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.6.1 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 192Mi - securityContext: - allowPrivilegeEscalation: false + - args: + - --leader-elect + command: + - /manager + env: + - name: RELATED_IMAGE_dell-csm-operator + value: docker.io/dellemc/dell-csm-operator:v1.6.1 + - name: RELATED_IMAGE_csi-isilon + value: docker.io/dellemc/csi-isilon:v2.11.0 + - name: RELATED_IMAGE_csi-powermax + value: docker.io/dellemc/csi-powermax:v2.11.0 + - name: RELATED_IMAGE_csipowermax-reverseproxy + value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + - name: RELATED_IMAGE_csi-powerstore + value: docker.io/dellemc/csi-powerstore:v2.11.1 + - name: RELATED_IMAGE_csi-unity + value: docker.io/dellemc/csi-unity:v2.11.1 + - name: RELATED_IMAGE_csi-vxflexos + value: docker.io/dellemc/csi-vxflexos:v2.11.0 + - name: RELATED_IMAGE_sdc + value: docker.io/dellemc/sdc:4.5.2.1 + - name: RELATED_IMAGE_karavi-authorization-proxy + value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + - name: RELATED_IMAGE_dell-csi-replicator + value: docker.io/dellemc/dell-csi-replicator:v1.9.0 + - name: RELATED_IMAGE_dell-replication-controller-manager + value: docker.io/dellemc/dell-replication-controller:v1.9.0 + - name: RELATED_IMAGE_topology + value: docker.io/dellemc/csm-topology:v1.9.0 + - name: RELATED_IMAGE_otel-collector + value: docker.io/otel/opentelemetry-collector:0.42.0 + - name: RELATED_IMAGE_metrics-powerscale + value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + - name: RELATED_IMAGE_metrics-powermax + value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + - name: RELATED_IMAGE_metrics-powerflex + value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + - name: RELATED_IMAGE_podmon-node + value: docker.io/dellemc/podmon:v1.10.0 + - name: RELATED_IMAGE_kube-rbac-proxy + value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + - name: RELATED_IMAGE_attacher + value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + - name: RELATED_IMAGE_provisioner + value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + - name: RELATED_IMAGE_snapshotter + value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + - name: RELATED_IMAGE_registrar + value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + - name: RELATED_IMAGE_resizer + value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + - name: RELATED_IMAGE_externalhealthmonitorcontroller + value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + - name: RELATED_IMAGE_metadataretriever + value: dellemc/csi-metadata-retriever:v1.8.0 + - name: RELATED_IMAGE_dell-connectivity-client + value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + - name: RELATED_IMAGE_cert-persister + value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + image: docker.io/dellemc/dell-csm-operator:v1.6.1 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 192Mi + securityContext: + allowPrivilegeEscalation: false securityContext: runAsNonRoot: true serviceAccountName: dell-csm-operator-manager-service-account diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml index 46864aaf2..bad756442 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml @@ -6,7 +6,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list","get", "create", "update", "delete","watch"] + verbs: ["list", "get", "create", "update", "delete", "watch"] - apiGroups: ["storage.dell.com"] resources: ["containerstoragemodules"] verbs: ["create", "delete"] diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index f50efd2ae..56d35205b 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -352,7 +352,13 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: ["sh", "-x", "-c", "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] + command: + [ + "sh", + "-x", + "-c", + "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", + ] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml index 5bd787720..f424caa03 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v0.0.0 \ No newline at end of file +minUpgradePath: v0.0.0 diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml index 46864aaf2..bad756442 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml @@ -6,7 +6,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list","get", "create", "update", "delete","watch"] + verbs: ["list", "get", "create", "update", "delete", "watch"] - apiGroups: ["storage.dell.com"] resources: ["containerstoragemodules"] verbs: ["create", "delete"] diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml index efad5a33c..fdc648540 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml @@ -352,7 +352,13 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: ["sh", "-x", "-c", "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] + command: + [ + "sh", + "-x", + "-c", + "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", + ] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml index e31c7337c..b01ee82c7 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -111,13 +111,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -210,7 +210,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml index 7debd9c08..5e0a6004f 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml index b735e19d4..10f09bb9f 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml @@ -77,7 +77,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -86,7 +86,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -209,11 +209,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml index f0a353a03..f747ae20b 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml index 060d7ead6..1646835ff 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT \ No newline at end of file + CSI_LOG_FORMAT: TEXT diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml index fab3f832d..eb0706e64 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml index 7debd9c08..5e0a6004f 100644 --- a/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml index 05370e3b5..a6162260c 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--leader-election" - "--array-config=/vxflexos-config/config" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml index 060d7ead6..1646835ff 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT \ No newline at end of file + CSI_LOG_FORMAT: TEXT diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml index c47b034b8..0c97b3b5c 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml index 884a1baf8..3c1a6be36 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml index 49646be0d..56d7677ad 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml index 08e3f335e..554a7bb74 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.2 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml index bc8bb4aeb..3110f064f 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml @@ -10,4 +10,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml index 75c3eeb5e..462af9b05 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.2 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml index 40127fb1f..8f574a6cd 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -129,13 +129,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -234,7 +234,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -319,6 +319,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml index 5bacf36ae..d587761b5 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml b/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml index 1cfd41fba..1486c847f 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -254,8 +254,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml index 43531698e..f5d10384f 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -317,6 +317,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml index 5bacf36ae..d587761b5 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml index 577d86486..4d73badbf 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -251,8 +251,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml index 5bacf36ae..d587761b5 100644 --- a/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml index 5302c6efb..963ee2f34 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.9.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] args: - "--leader-election" env: @@ -319,6 +319,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml index 5bacf36ae..d587761b5 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml b/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml index d58f1028a..9e48f07c0 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -252,8 +252,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml index 4dc0ae6c1..d58512998 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -317,6 +317,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml index 5bacf36ae..d587761b5 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml index 02a5f3e81..88313fd54 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -252,8 +252,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml index 333fbc4c6..109ad0700 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -120,13 +120,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -245,7 +245,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: [ "/csi-metadata-retriever" ] + command: ["/csi-metadata-retriever"] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -257,7 +257,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -329,4 +329,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml index facd6cd6a..65a4a2756 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml index e615ab810..5e0a6004f 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml @@ -11,4 +11,3 @@ data: PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" PODMON_NODE_LOG_FORMAT: "TEXT" - diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml index 46e72a753..2effc692a 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -214,4 +214,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml index c25e5fbd8..6c0c7a980 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -243,7 +243,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: [ "/csi-metadata-retriever" ] + command: ["/csi-metadata-retriever"] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -255,7 +255,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -327,4 +327,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml index facd6cd6a..65a4a2756 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml index 01b9bf64e..744b35635 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -212,4 +212,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml index 51da5a0e8..1abdfb403 100644 --- a/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml @@ -84,7 +84,7 @@ rules: # Permissions for ReplicationReplicator - apiGroups: [""] resources: ["namespaces"] - verbs: ["create", "get", "list", "watch"] + verbs: ["create", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml index facd6cd6a..65a4a2756 100644 --- a/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml index e615ab810..5e0a6004f 100644 --- a/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml @@ -11,4 +11,3 @@ data: PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" PODMON_NODE_LOG_FORMAT: "TEXT" - diff --git a/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml index d18e7a58c..cb8988fd6 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -243,7 +243,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: [ "/csi-metadata-retriever" ] + command: ["/csi-metadata-retriever"] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -255,7 +255,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.9.0 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -331,4 +331,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml index facd6cd6a..65a4a2756 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml b/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml index 481328689..ad3172063 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -212,4 +212,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml index 4b868cf7c..47c71fdd6 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -243,7 +243,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: [ "/csi-metadata-retriever" ] + command: ["/csi-metadata-retriever"] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -255,7 +255,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -327,4 +327,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml index facd6cd6a..65a4a2756 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml index 8f49a7d38..87ba55cbd 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -212,4 +212,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml index 0b55612eb..24f66522d 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -124,13 +125,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -227,7 +228,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -269,4 +270,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml index c775e7442..19960e910 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "JSON" diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml index d1665bef5..5952d534f 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml @@ -94,8 +94,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.0 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml index eb6ddcf5b..ed3d549c6 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml index c775e7442..19960e910 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "JSON" diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml index 6f1f8c550..3a1b1523c 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.1 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml index 758677ae0..727c7970b 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] diff --git a/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml index c775e7442..19960e910 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "JSON" diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml index 83ba7ec4f..96f978ea1 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml index c775e7442..19960e910 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "JSON" diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml index d3c3dc09d..6316f9337 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.9.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml index c775e7442..19960e910 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "JSON" diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml index 54be45f3e..5bc1c7304 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.9.0 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml index 360a96012..6f4dba187 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml @@ -13,4 +13,4 @@ # limitations under the License. # # -minUpgradePath: v2.7.0 \ No newline at end of file +minUpgradePath: v2.7.0 diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml index a16762bac..f782a5b6c 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml index c775e7442..19960e910 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "JSON" diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml index e1925f3a5..6d7b43067 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.9.1 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml b/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml index 7d71b0571..fa11ba7b8 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -113,13 +113,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -255,7 +255,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml index 3a1c28626..513ea7c3a 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: 0 SYNC_NODE_INFO_TIME_INTERVAL: 15 - TENANT_NAME: "" \ No newline at end of file + TENANT_NAME: "" diff --git a/operatorconfig/driverconfig/unity/v2.10.0/node.yaml b/operatorconfig/driverconfig/unity/v2.10.0/node.yaml index 63d054886..b6c5ad00b 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/node.yaml @@ -78,7 +78,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.10.0 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -185,7 +185,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml index 463fe2381..4fda23e47 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/operatorconfig/driverconfig/unity/v2.10.1/node.yaml b/operatorconfig/driverconfig/unity/v2.10.1/node.yaml index ef69e5863..41f8c4d2c 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.10.1 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml index 3a1c28626..513ea7c3a 100644 --- a/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: 0 SYNC_NODE_INFO_TIME_INTERVAL: 15 - TENANT_NAME: "" \ No newline at end of file + TENANT_NAME: "" diff --git a/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml index 3a1c28626..513ea7c3a 100644 --- a/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml @@ -10,4 +10,4 @@ data: ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: 0 SYNC_NODE_INFO_TIME_INTERVAL: 15 - TENANT_NAME: "" \ No newline at end of file + TENANT_NAME: "" diff --git a/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml b/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml index a3ef3e8e1..a4e9a169a 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -254,7 +254,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/operatorconfig/driverconfig/unity/v2.9.0/node.yaml b/operatorconfig/driverconfig/unity/v2.9.0/node.yaml index 90b5ef5de..145b2f971 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.9.0 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml index 42c1d36fb..fab8efca9 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.7.0 \ No newline at end of file +minUpgradePath: v2.7.0 diff --git a/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml index b0a0d209e..5b12f10d2 100644 --- a/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/operatorconfig/driverconfig/unity/v2.9.1/node.yaml b/operatorconfig/driverconfig/unity/v2.9.1/node.yaml index 260f31198..5c64fd57c 100644 --- a/operatorconfig/driverconfig/unity/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.9.1 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml index d59f12d32..96b1ac2d8 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml index 5844f8044..28efb5959 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list -- apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list -- apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: \ No newline at end of file + - kind: ServiceAccount + name: -controller-manager + namespace: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml index 09a0f1b8d..692c3c6dc 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string type: object - type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string - type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,215 +567,238 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will - be cloned to. - items: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: + BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: + Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: + Clones is the list of targets where this backup will + be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + restoreOnceAvailable: + description: + Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: + Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - podVolumeBackups: - items: + veleroBackup: + nullable: true type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: + SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: + LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml index 4b26371e1..fea760de2 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None \ No newline at end of file +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml index 92903f461..06216bf10 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert \ No newline at end of file + secretName: webhook-server-cert diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml index 176a995d1..ea50d0b3f 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml @@ -13,7 +13,7 @@ spec: bucket: cacert: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml index bdfd1f654..722088a92 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml @@ -16,86 +16,94 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: + MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: + ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: + VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: + LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -121,581 +129,661 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - kind: - description: Kind is the type of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: type: string - name: - description: Name is the name of resource being referenced + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: + BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: + BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: + Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: + FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: + FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: + Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: + ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: + TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable). + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: - Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + version: + description: + "Version is the backup format major version. Deprecated: + Please see FormatVersion" + type: integer + volumeSnapshotsAttempted: + description: + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -719,165 +807,186 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero - storage. Optional. + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: + LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: + AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: + BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: + Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: + ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: + CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: + Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: + ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: + BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: + "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: + "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: + LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: + LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -903,63 +1012,67 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: + Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -985,80 +1098,86 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: + Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: + DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: + Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1084,190 +1203,206 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running - on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: + Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: + Node is the name of the node that the Pod is running + on. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} -status: + description: + Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: + Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: + SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: acceptedNames: kind: "" plural: "" @@ -1292,174 +1427,186 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: + SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1485,464 +1632,531 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook - for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: + BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: + ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: + Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: + RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + postHooks: + description: + PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: + RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: + Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: + ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: + WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: + InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - preserveNodePorts: - description: PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + preserveNodePorts: + description: + PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: + RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: + ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: + ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: + CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: + Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: + FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: + Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: + ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: + TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: + RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: + RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: + StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1968,535 +2182,604 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: + Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: + key is the label key that the + selector applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command + values: + description: + values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector + description: + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship + description: + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: + A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - name: - description: Name is the name of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + type: array + type: object + useOwnerReferencesInBackup: + description: + UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: + LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - useOwnerReferencesInBackup: - description: UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2520,69 +2803,74 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: + Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: + ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2606,79 +2894,88 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. + - name: v1 + schema: + openAPIV3Schema: + description: + VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: + VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: + VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] \ No newline at end of file + storedVersions: [] diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml index 5f8217b2a..573edbe24 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml index 0772314bf..49eecc8a7 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml index e66d5127b..b8fd89588 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml index d59f12d32..96b1ac2d8 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml index 5844f8044..28efb5959 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list -- apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list -- apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: \ No newline at end of file + - kind: ServiceAccount + name: -controller-manager + namespace: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml index 09a0f1b8d..692c3c6dc 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string type: object - type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string - type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,215 +567,238 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will - be cloned to. - items: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: + BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: + Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: + Clones is the list of targets where this backup will + be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + restoreOnceAvailable: + description: + Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: + Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - podVolumeBackups: - items: + veleroBackup: + nullable: true type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: + SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: + LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml index 4b26371e1..fea760de2 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None \ No newline at end of file +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml index 92903f461..06216bf10 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert \ No newline at end of file + secretName: webhook-server-cert diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml index 176a995d1..ea50d0b3f 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml @@ -13,7 +13,7 @@ spec: bucket: cacert: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml index bdfd1f654..722088a92 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml @@ -16,86 +16,94 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: + MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: + ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: + VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: + LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -121,581 +129,661 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - kind: - description: Kind is the type of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: type: string - name: - description: Name is the name of resource being referenced + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: + BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: + BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: + Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: + FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: + FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: + Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: + ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: + TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable). + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: - Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + version: + description: + "Version is the backup format major version. Deprecated: + Please see FormatVersion" + type: integer + volumeSnapshotsAttempted: + description: + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -719,165 +807,186 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero - storage. Optional. + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: + LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: + AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: + BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: + Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: + ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: + CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: + Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: + ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: + BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: + "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: + "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: + LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: + LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -903,63 +1012,67 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: + Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -985,80 +1098,86 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: + Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: + DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: + Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1084,190 +1203,206 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running - on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: + Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: + Node is the name of the node that the Pod is running + on. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} -status: + description: + Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: + Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: + SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: acceptedNames: kind: "" plural: "" @@ -1292,174 +1427,186 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: + SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1485,464 +1632,531 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook - for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: + BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: + ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: + Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: + RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + postHooks: + description: + PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: + RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: + Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: + ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: + WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: + InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - preserveNodePorts: - description: PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + preserveNodePorts: + description: + PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: + RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: + ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: + ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: + CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: + Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: + FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: + Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: + ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: + TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: + RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: + RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: + StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1968,535 +2182,604 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: + Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: + key is the label key that the + selector applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command + values: + description: + values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector + description: + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship + description: + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: + A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - name: - description: Name is the name of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + type: array + type: object + useOwnerReferencesInBackup: + description: + UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: + LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - useOwnerReferencesInBackup: - description: UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2520,69 +2803,74 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: + Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: + ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2606,79 +2894,88 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. + - name: v1 + schema: + openAPIV3Schema: + description: + VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: + VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: + VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] \ No newline at end of file + storedVersions: [] diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml index 5f8217b2a..573edbe24 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml index 0772314bf..49eecc8a7 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml index e66d5127b..b8fd89588 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml index d59f12d32..96b1ac2d8 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml index 5844f8044..28efb5959 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list -- apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list -- apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: \ No newline at end of file + - kind: ServiceAccount + name: -controller-manager + namespace: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml index 09a0f1b8d..692c3c6dc 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string type: object - type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string - type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,215 +567,238 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will - be cloned to. - items: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: + BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: + Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: + Clones is the list of targets where this backup will + be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + restoreOnceAvailable: + description: + Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: + Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - podVolumeBackups: - items: + veleroBackup: + nullable: true type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: + SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: + LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml index 4b26371e1..fea760de2 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None \ No newline at end of file +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml index 92903f461..06216bf10 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert \ No newline at end of file + secretName: webhook-server-cert diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml index 176a995d1..ea50d0b3f 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml @@ -13,7 +13,7 @@ spec: bucket: cacert: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml index bdfd1f654..722088a92 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml @@ -16,86 +16,94 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: + MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: + ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: + VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: + LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -121,581 +129,661 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - kind: - description: Kind is the type of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: type: string - name: - description: Name is the name of resource being referenced + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: + BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: + BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: + Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: + FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: + FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: + Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: + ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: + TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable). + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: - Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + version: + description: + "Version is the backup format major version. Deprecated: + Please see FormatVersion" + type: integer + volumeSnapshotsAttempted: + description: + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -719,165 +807,186 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero - storage. Optional. + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: + LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: + AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: + BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: + Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: + ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: + CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: + Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: + ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: + BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: + "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: + "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: + LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: + LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -903,63 +1012,67 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: + Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -985,80 +1098,86 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: + Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: + DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: + Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1084,190 +1203,206 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running - on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: + Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: + Node is the name of the node that the Pod is running + on. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} -status: + description: + Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: + Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: + SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: acceptedNames: kind: "" plural: "" @@ -1292,174 +1427,186 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: + SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1485,464 +1632,531 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook - for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: + BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: + ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: + Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: + RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + postHooks: + description: + PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: + RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: + Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: + ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: + WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: + InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - preserveNodePorts: - description: PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + preserveNodePorts: + description: + PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: + RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: + ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: + ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: + CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: + Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: + FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: + Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: + ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: + TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: + RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: + RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: + StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1968,535 +2182,604 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: + Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: + key is the label key that the + selector applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command + values: + description: + values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector + description: + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship + description: + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: + A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - name: - description: Name is the name of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + type: array + type: object + useOwnerReferencesInBackup: + description: + UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: + LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - useOwnerReferencesInBackup: - description: UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2520,69 +2803,74 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: + Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: + ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2606,79 +2894,88 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. + - name: v1 + schema: + openAPIV3Schema: + description: + VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: + VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: + VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] \ No newline at end of file + storedVersions: [] diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml index 5f8217b2a..573edbe24 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml index 0772314bf..49eecc8a7 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml index e66d5127b..b8fd89588 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml index d59f12d32..96b1ac2d8 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml index 5844f8044..28efb5959 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list -- apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list -- apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: \ No newline at end of file + - kind: ServiceAccount + name: -controller-manager + namespace: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml index 09a0f1b8d..692c3c6dc 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string type: object - type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string - type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,215 +567,238 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will - be cloned to. - items: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: + BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: + Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: + Clones is the list of targets where this backup will + be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + restoreOnceAvailable: + description: + Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: + Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - podVolumeBackups: - items: + veleroBackup: + nullable: true type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: + SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: + LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml index 4b26371e1..fea760de2 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None \ No newline at end of file +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml index 92903f461..06216bf10 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert \ No newline at end of file + secretName: webhook-server-cert diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml index c187685e6..20231f870 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml @@ -12,7 +12,7 @@ spec: objectStorage: bucket: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml index bdfd1f654..722088a92 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml @@ -16,86 +16,94 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: + MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: + ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: + VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: + LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -121,581 +129,661 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - kind: - description: Kind is the type of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: type: string - name: - description: Name is the name of resource being referenced + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: + BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: + BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: + Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: + FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: + FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: + Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: + ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: + TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable). + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable). - items: - type: string - nullable: true - type: array - version: - description: 'Version is the backup format major version. Deprecated: - Please see FormatVersion' - type: integer - volumeSnapshotsAttempted: - description: VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + version: + description: + "Version is the backup format major version. Deprecated: + Please see FormatVersion" + type: integer + volumeSnapshotsAttempted: + description: + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -719,165 +807,186 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero - storage. Optional. + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: + LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: + AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: + BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: + Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: + ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: + CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: + Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: + ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: + BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: + "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: + "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: + LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: + LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -903,63 +1012,67 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: + Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -985,80 +1098,86 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: + Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: + DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: + Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1084,190 +1203,206 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running - on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: + Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: + Node is the name of the node that the Pod is running + on. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: - type: string - description: Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} -status: + description: + Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: + Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: + SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} +status: acceptedNames: kind: "" plural: "" @@ -1292,174 +1427,186 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: + BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: + 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + name: + description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + type: string + namespace: + description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" + type: string + resourceVersion: + description: + "Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" + type: string + uid: + description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: + SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: + Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1485,464 +1632,531 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook - for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: + Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: + BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: + ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: + Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: + RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. + postHooks: + description: + PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: + RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: + Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: + ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: + WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: + InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the + description: + values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. + array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single + description: + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - preserveNodePorts: - description: PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: + A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nullable: true + type: array + preserveNodePorts: + description: + PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: + RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: + ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: + ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: + CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: + Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: + FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: + Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: + ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: + TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: + RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: + RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: + StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: + Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1968,535 +2182,604 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: + Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: + CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. - type: string - post: - description: PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. + defaultVolumesToFsBackup: + description: + DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: + "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: + BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: + key is the label key that the + selector applies to. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. - type: string - required: - - command + values: + description: + values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. - type: string - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. + post: + description: + PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: + PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: + Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: + ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector + description: + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: key is the label key that the selector + description: + key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship + description: + operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: + OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: + A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + nullable: true + type: array + orderedResources: + additionalProperties: type: string - name: - description: Name is the name of resource being referenced + description: + OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: + APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: + TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + type: array + type: object + useOwnerReferencesInBackup: + description: + UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: + LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: + ValidationErrors is a slice of all validation errors + (if applicable) + items: type: string - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - useOwnerReferencesInBackup: - description: UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2520,69 +2803,74 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: + ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: + Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: + ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2606,79 +2894,88 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. + - name: v1 + schema: + openAPIV3Schema: + description: + VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: + "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?" + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: + VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: + VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] \ No newline at end of file + storedVersions: [] diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml index 5f8217b2a..573edbe24 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml index 0772314bf..49eecc8a7 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml index e66d5127b..b8fd89588 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml index 70dbd21c2..96b1ac2d8 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml @@ -7,10 +7,10 @@ metadata: namespace: spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager --- @@ -19,7 +19,7 @@ kind: ClusterRole metadata: name: -metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml index 5844f8044..28efb5959 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list -- apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update -- apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list -- apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update -- apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update -- apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: + - kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: -- kind: ServiceAccount - name: -controller-manager - namespace: \ No newline at end of file + - kind: ServiceAccount + name: -controller-manager + namespace: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml index 09a0f1b8d..692c3c6dc 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string type: object - type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string - type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,215 +567,238 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will - be cloned to. - items: + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: + BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: + Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: + Clones is the list of targets where this backup will + be cloned to. + items: + properties: + namespaceMapping: + additionalProperties: + type: string + description: + NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + restoreOnceAvailable: + description: + Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: + Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string + type: object + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: + ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: + IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: + IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: + IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: - namespaceMapping: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: + A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: + operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: + values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: type: string - description: NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. + description: + matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - podVolumeBackups: - items: + veleroBackup: + nullable: true type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: + Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: + SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: + LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml index 47a420155..fea760de2 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml @@ -5,9 +5,9 @@ metadata: namespace: spec: ports: - - port: 443 - protocol: TCP - targetPort: 9443 + - port: 443 + protocol: TCP + targetPort: 9443 selector: control-plane: controller-manager --- @@ -18,26 +18,26 @@ metadata: cert-manager.io/inject-ca-from: /-serving-cert name: -mutating-webhook-configuration webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -46,23 +46,23 @@ metadata: cert-manager.io/inject-ca-from: /-serving-cert name: -validating-webhook-configuration webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None \ No newline at end of file + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml index 92903f461..06216bf10 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert \ No newline at end of file + secretName: webhook-server-cert diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml index c187685e6..20231f870 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml @@ -12,7 +12,7 @@ spec: objectStorage: bucket: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml index 78325b3de..4492bef26 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml @@ -16,94 +16,97 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: |- - ResticIdentifier is the full restic-compatible string for identifying - this repository. - type: string - volumeNamespace: - description: |- - VolumeNamespace is the namespace this backup repository contains - pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: + MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: |- + ResticIdentifier is the full restic-compatible string for identifying + this repository. + type: string + volumeNamespace: + description: |- + VolumeNamespace is the namespace this backup repository contains + pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: + LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -129,393 +132,344 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: |- - CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to - ReadyToUse during creation, before returning error as timeout. - The default value is 10 minute. - type: string - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - defaultVolumesToFsBackup: - description: |- - DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used - for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: |- - DefaultVolumesToRestic specifies whether restic should be used to take a - backup of all pod volumes by default. + - name: v1 + schema: + openAPIV3Schema: + description: |- + Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. - Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. - nullable: true - type: boolean - excludedClusterScopedResources: - description: |- - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. - If set to "*", all cluster-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: |- - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. - If set to "*", all namespace-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: |- - ExcludedNamespaces contains a list of namespaces that are not - included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: |- - ExcludedResources is a slice of resource names that are not - included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: |- - BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on - the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources specifies the resources to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Name is the name of this hook. - type: string - post: - description: |- - PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. - These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: |- - PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. - These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - required: - - command + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: |- - IncludeClusterResources specifies whether cluster-scoped resources - should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: |- - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. - If set to "*", all cluster-scoped resource types are included. - The default value is empty, which means only related - cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: |- - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. - The default value is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces is a slice of namespace names to include objects - from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: |- - ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations - The default value is 4 hour. - type: string - labelSelector: - description: |- - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: |- - OrLabelSelectors is list of metav1.LabelSelector to filter with - when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of them - can be used. - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- @@ -523,7 +477,8 @@ spec: relates the key and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: @@ -541,8 +496,8 @@ spec: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: @@ -555,226 +510,298 @@ spec: type: object type: object x-kubernetes-map-type: atomic - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: |- - OrderedResources specifies the backup order of resources of specific Kind. - The map key is the resource name and value is a list of object names separated by commas. - Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: type: string - name: - description: Name is the name of resource being referenced + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: + SnapshotMoveData specifies whether snapshot data should + be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the uploader. + nullable: true + properties: + parallelFilesUpload: + description: + ParallelFilesUpload is the number of files parallel + uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - snapshotMoveData: - description: SnapshotMoveData specifies whether snapshot data should - be moved - nullable: true - type: boolean - snapshotVolumes: - description: |- - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included - in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: |- - TTL is a time.Duration-parseable string describing how long - the Backup should be retained for. - type: string - uploaderConfig: - description: UploaderConfig specifies the configuration for the uploader. - nullable: true - properties: - parallelFilesUpload: - description: ParallelFilesUpload is the number of files parallel - uploads to perform when using the uploader. - type: integer - type: object - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: |- - BackupItemOperationsAttempted is the total number of attempted - async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: |- - BackupItemOperationsCompleted is the total number of successfully completed - async BackupItemAction operations for this backup. - type: integer - backupItemOperationsFailed: - description: |- - BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an error. - type: integer - completionTimestamp: - description: |- - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. - Completion time is recorded before uploading the backup object. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: |- - CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: |- - CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: |- - Errors is a count of all error messages that were generated during - execution of the backup. The actual errors are in the backup's log - file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - hookStatus: - description: HookStatus contains information about the status of the - hooks. - nullable: true - properties: - hooksAttempted: - description: |- - HooksAttempted is the total number of attempted hooks - Specifically, HooksAttempted represents the number of hooks that failed to execute - and the number of hooks that executed successfully. - type: integer - hooksFailed: - description: HooksFailed is the total number of hooks which ended - with an error - type: integer - type: object - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: |- - Progress contains information about the backup's execution progress. Note - that this information is best-effort only -- if Velero fails to update it - during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: |- - ItemsBackedUp is the number of items that have actually been written to the - backup tarball so far. - type: integer - totalItems: - description: |- - TotalItems is the total number of items to be backed up. This number may change - throughout the execution of the backup due to plugins that return additional related - items to back up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: |- - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes - on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable). - items: - type: string - nullable: true - type: array - version: - description: |- - Version is the backup format major version. - Deprecated: Please see FormatVersion - type: integer - volumeSnapshotsAttempted: - description: |- - VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: |- - VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: |- - Warnings is a count of all warning messages that were generated during - execution of the backup. The actual warnings are in the backup's log - file in object storage. - type: integer - type: object - type: object - served: true - storage: true -status: - acceptedNames: + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: |- + BackupItemOperationsAttempted is the total number of attempted + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: |- + BackupItemOperationsCompleted is the total number of successfully completed + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsFailed: + description: |- + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an error. + type: integer + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: |- + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: |- + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the backup. The actual errors are in the backup's log + file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: + FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: + FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + hookStatus: + description: + HookStatus contains information about the status of the + hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: + HooksFailed is the total number of hooks which ended + with an error + type: integer + type: object + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: |- + Progress contains information about the backup's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: |- + ItemsBackedUp is the number of items that have actually been written to the + backup tarball so far. + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be backed up. This number may change + throughout the execution of the backup due to plugins that return additional related + items to back up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable). + items: + type: string + nullable: true + type: array + version: + description: |- + Version is the backup format major version. + Deprecated: Please see FormatVersion + type: integer + volumeSnapshotsAttempted: + description: |- + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: |- + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the backup. The actual warnings are in the backup's log + file in object storage. + type: integer + type: object + type: object + served: true + storage: true +status: + acceptedNames: kind: "" plural: "" conditions: [] @@ -796,180 +823,194 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - default: - description: Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: Prefix is the path inside a bucket to use for Velero - storage. Optional. + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: + LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: + BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: + BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: + AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: + BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: |- - AccessMode is an unused field. + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + description: + Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: + ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: + CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: + Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: + ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: + BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: |- + AccessMode is an unused field. - Deprecated: there is now an AccessMode field on the Spec and this field - will be removed entirely as of v2.0. - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: |- - LastSyncedRevision is the value of the `metadata/revision` file in the backup - storage location the last time the BSL's contents were synced into the cluster. + Deprecated: there is now an AccessMode field on the Spec and this field + will be removed entirely as of v2.0. + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: |- + LastSyncedRevision is the value of the `metadata/revision` file in the backup + storage location the last time the BSL's contents were synced into the cluster. - Deprecated: this field is no longer updated or used for detecting changes to - the location's contents and will be removed entirely in v2.0. - type: string - lastSyncedTime: - description: |- - LastSyncedTime is the last time the contents of the location were synced into - the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: |- - LastValidationTime is the last time the backup store location was validated - the cluster. - format: date-time - nullable: true - type: string - message: - description: Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + Deprecated: this field is no longer updated or used for detecting changes to + the location's contents and will be removed entirely in v2.0. + type: string + lastSyncedTime: + description: |- + LastSyncedTime is the last time the contents of the location were synced into + the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: |- + LastValidationTime is the last time the backup store location was validated + the cluster. + format: date-time + nullable: true + type: string + message: + description: + Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -994,179 +1035,185 @@ spec: singular: datadownload scope: Namespaced versions: - - additionalPrinterColumns: - - description: DataDownload status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time duration since this DataDownload was started - jsonPath: .status.startTimestamp - name: Started - type: date - - description: Completed bytes - format: int64 - jsonPath: .status.progress.bytesDone - name: Bytes Done - type: integer - - description: Total bytes - format: int64 - jsonPath: .status.progress.totalBytes - name: Total Bytes - type: integer - - description: Name of the Backup Storage Location where the backup data is stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - description: Time duration since this DataDownload was created - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Name of the node where the DataDownload is processed - jsonPath: .status.node - name: Node - type: string - name: v2alpha1 - schema: - openAPIV3Schema: - description: DataDownload acts as the protocol between data mover plugins - and data mover controller for the datamover restore operation - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DataDownloadSpec is the specification for a DataDownload. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - cancel: - description: |- - Cancel indicates request to cancel the ongoing DataDownload. It can be set - when the DataDownload is in InProgress phase - type: boolean - dataMoverConfig: - additionalProperties: - type: string - description: DataMoverConfig is for data-mover-specific configuration - fields. - type: object - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - operationTimeout: - description: |- - OperationTimeout specifies the time used to wait internal operations, - before returning error as timeout. - type: string - snapshotID: - description: SnapshotID is the ID of the Velero backup snapshot to - be restored from. - type: string - sourceNamespace: - description: |- - SourceNamespace is the original namespace where the volume is backed up from. - It may be different from SourcePVC's namespace if namespace is remapped during restore. - type: string - targetVolume: - description: TargetVolume is the information of the target PVC and - PV. - properties: - namespace: - description: Namespace is the target namespace - type: string - pv: - description: PV is the name of the target PV that is created by - Velero restore - type: string - pvc: - description: PVC is the name of the target PVC that is created - by Velero restore + - additionalPrinterColumns: + - description: DataDownload status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time duration since this DataDownload was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: Name of the Backup Storage Location where the backup data is stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this DataDownload was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the DataDownload is processed + jsonPath: .status.node + name: Node + type: string + name: v2alpha1 + schema: + openAPIV3Schema: + description: + DataDownload acts as the protocol between data mover plugins + and data mover controller for the datamover restore operation + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DataDownloadSpec is the specification for a DataDownload. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing DataDownload. It can be set + when the DataDownload is in InProgress phase + type: boolean + dataMoverConfig: + additionalProperties: type: string - required: - - namespace - - pv - - pvc - type: object - required: - - backupStorageLocation - - operationTimeout - - snapshotID - - sourceNamespace - - targetVolume - type: object - status: - description: DataDownloadStatus is the current status of a DataDownload. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the DataDownload's status. - type: string - node: - description: Node is name of the node where the DataDownload is processed. - type: string - phase: - description: Phase is the current state of the DataDownload. - enum: - - New - - Accepted - - Prepared - - InProgress - - Canceling - - Canceled - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the snapshot and the current - number of restored bytes. This can be used to display progress information - about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: |- - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: + DataMoverConfig is for data-mover-specific configuration + fields. + type: object + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + operationTimeout: + description: |- + OperationTimeout specifies the time used to wait internal operations, + before returning error as timeout. + type: string + snapshotID: + description: + SnapshotID is the ID of the Velero backup snapshot to + be restored from. + type: string + sourceNamespace: + description: |- + SourceNamespace is the original namespace where the volume is backed up from. + It may be different from SourcePVC's namespace if namespace is remapped during restore. + type: string + targetVolume: + description: + TargetVolume is the information of the target PVC and + PV. + properties: + namespace: + description: Namespace is the target namespace + type: string + pv: + description: + PV is the name of the target PV that is created by + Velero restore + type: string + pvc: + description: + PVC is the name of the target PVC that is created + by Velero restore + type: string + required: + - namespace + - pv + - pvc + type: object + required: + - backupStorageLocation + - operationTimeout + - snapshotID + - sourceNamespace + - targetVolume + type: object + status: + description: DataDownloadStatus is the current status of a DataDownload. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the DataDownload's status. + type: string + node: + description: Node is name of the node where the DataDownload is processed. + type: string + phase: + description: Phase is the current state of the DataDownload. + enum: + - New + - Accepted + - Prepared + - InProgress + - Canceling + - Canceled + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the snapshot and the current + number of restored bytes. This can be used to display progress information + about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1185,204 +1232,216 @@ spec: singular: dataupload scope: Namespaced versions: - - additionalPrinterColumns: - - description: DataUpload status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time duration since this DataUpload was started - jsonPath: .status.startTimestamp - name: Started - type: date - - description: Completed bytes - format: int64 - jsonPath: .status.progress.bytesDone - name: Bytes Done - type: integer - - description: Total bytes - format: int64 - jsonPath: .status.progress.totalBytes - name: Total Bytes - type: integer - - description: Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - description: Time duration since this DataUpload was created - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Name of the node where the DataUpload is processed - jsonPath: .status.node - name: Node - type: string - name: v2alpha1 - schema: - openAPIV3Schema: - description: DataUpload acts as the protocol between data mover plugins and - data mover controller for the datamover backup operation - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DataUploadSpec is the specification for a DataUpload. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - cancel: - description: |- - Cancel indicates request to cancel the ongoing DataUpload. It can be set - when the DataUpload is in InProgress phase - type: boolean - csiSnapshot: - description: If SnapshotType is CSI, CSISnapshot provides the information - of the CSI snapshot. - nullable: true - properties: - snapshotClass: - description: SnapshotClass is the name of the snapshot class that - the volume snapshot is created with - type: string - storageClass: - description: StorageClass is the name of the storage class of - the PVC that the volume snapshot is created from + - additionalPrinterColumns: + - description: DataUpload status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time duration since this DataUpload was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: + Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this DataUpload was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the DataUpload is processed + jsonPath: .status.node + name: Node + type: string + name: v2alpha1 + schema: + openAPIV3Schema: + description: + DataUpload acts as the protocol between data mover plugins and + data mover controller for the datamover backup operation + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DataUploadSpec is the specification for a DataUpload. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing DataUpload. It can be set + when the DataUpload is in InProgress phase + type: boolean + csiSnapshot: + description: + If SnapshotType is CSI, CSISnapshot provides the information + of the CSI snapshot. + nullable: true + properties: + snapshotClass: + description: + SnapshotClass is the name of the snapshot class that + the volume snapshot is created with + type: string + storageClass: + description: + StorageClass is the name of the storage class of + the PVC that the volume snapshot is created from + type: string + volumeSnapshot: + description: + VolumeSnapshot is the name of the volume snapshot + to be backed up + type: string + required: + - storageClass + - volumeSnapshot + type: object + dataMoverConfig: + additionalProperties: type: string - volumeSnapshot: - description: VolumeSnapshot is the name of the volume snapshot - to be backed up + description: + DataMoverConfig is for data-mover-specific configuration + fields. + nullable: true + type: object + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + operationTimeout: + description: |- + OperationTimeout specifies the time used to wait internal operations, + before returning error as timeout. + type: string + snapshotType: + description: + SnapshotType is the type of the snapshot to be backed + up. + type: string + sourceNamespace: + description: |- + SourceNamespace is the original namespace where the volume is backed up from. + It is the same namespace for SourcePVC and CSI namespaced objects. + type: string + sourcePVC: + description: + SourcePVC is the name of the PVC which the snapshot is + taken for. + type: string + required: + - backupStorageLocation + - operationTimeout + - snapshotType + - sourceNamespace + - sourcePVC + type: object + status: + description: DataUploadStatus is the current status of a DataUpload. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + dataMoverResult: + additionalProperties: type: string - required: - - storageClass - - volumeSnapshot - type: object - dataMoverConfig: - additionalProperties: - type: string - description: DataMoverConfig is for data-mover-specific configuration - fields. - nullable: true - type: object - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - operationTimeout: - description: |- - OperationTimeout specifies the time used to wait internal operations, - before returning error as timeout. - type: string - snapshotType: - description: SnapshotType is the type of the snapshot to be backed - up. - type: string - sourceNamespace: - description: |- - SourceNamespace is the original namespace where the volume is backed up from. - It is the same namespace for SourcePVC and CSI namespaced objects. - type: string - sourcePVC: - description: SourcePVC is the name of the PVC which the snapshot is - taken for. - type: string - required: - - backupStorageLocation - - operationTimeout - - snapshotType - - sourceNamespace - - sourcePVC - type: object - status: - description: DataUploadStatus is the current status of a DataUpload. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. - Completion time is recorded before uploading the backup object. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - dataMoverResult: - additionalProperties: - type: string - description: DataMoverResult stores data-mover-specific information - as a result of the DataUpload. - nullable: true - type: object - message: - description: Message is a message about the DataUpload's status. - type: string - node: - description: Node is name of the node where the DataUpload is processed. - type: string - path: - description: Path is the full path of the snapshot volume being backed - up. - type: string - phase: - description: Phase is the current state of the DataUpload. - enum: - - New - - Accepted - - Prepared - - InProgress - - Canceling - - Canceled - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the volume and the current - number of backed up bytes. This can be used to display progress information - about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot in the - backup repository. - type: string - startTimestamp: - description: |- - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes - on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: + DataMoverResult stores data-mover-specific information + as a result of the DataUpload. + nullable: true + type: object + message: + description: Message is a message about the DataUpload's status. + type: string + node: + description: Node is name of the node where the DataUpload is processed. + type: string + path: + description: + Path is the full path of the snapshot volume being backed + up. + type: string + phase: + description: Phase is the current state of the DataUpload. + enum: + - New + - Accepted + - Prepared + - InProgress + - Canceling + - Canceled + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the volume and the current + number of backed up bytes. This can be used to display progress information + about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: + SnapshotID is the identifier for the snapshot in the + backup repository. + type: string + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1402,68 +1461,70 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: + DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: + Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1489,88 +1550,91 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - DownloadRequest is a request to download an artifact from backup object storage, such as a backup - log file. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - - BackupVolumeInfos - - RestoreVolumeInfo - type: string - name: - description: Name is the name of the Kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: |- + DownloadRequest is a request to download an artifact from backup object storage, such as a backup + log file. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + - BackupVolumeInfos + - RestoreVolumeInfo + type: string + name: + description: + Name is the name of the Kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: + DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: + Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1596,213 +1660,219 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - node: - description: Node is the name of the node that the Pod is running - on. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: + Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + node: + description: + Node is the name of the node that the Pod is running + on. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + description: |- + Tags are a map of key-value pairs that should be applied to the + volume backup as tags. + type: object + uploaderSettings: + additionalProperties: type: string - type: object - x-kubernetes-map-type: atomic - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: - type: string - description: |- - Tags are a map of key-value pairs that should be applied to the - volume backup as tags. - type: object - uploaderSettings: - additionalProperties: - type: string - description: |- - UploaderSettings are a map of key-value pairs that should be applied to the - uploader configuration. - nullable: true - type: object - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: |- - Volume is the name of the volume within the Pod to be backed - up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. - Completion time is recorded before uploading the backup object. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the volume and the current - number of backed up bytes. This can be used to display progress information - about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: |- - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes - on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: |- + UploaderSettings are a map of key-value pairs that should be applied to the + uploader configuration. + nullable: true + type: object + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: |- + Volume is the name of the volume within the Pod to be backed + up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: + Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the volume and the current + number of backed up bytes. This can be used to display progress information + about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: + SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1828,199 +1898,203 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - pod: - description: Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + pod: + description: + Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: + SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderSettings: + additionalProperties: type: string - type: object - x-kubernetes-map-type: atomic - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderSettings: - additionalProperties: - type: string - description: |- - UploaderSettings are a map of key-value pairs that should be applied to the - uploader configuration. - nullable: true - type: object - uploaderType: - description: UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the snapshot and the current - number of restored bytes. This can be used to display progress information - about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: |- - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + description: |- + UploaderSettings are a map of key-value pairs that should be applied to the + uploader configuration. + nullable: true + type: object + uploaderType: + description: + UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: + Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the snapshot and the current + number of restored bytes. This can be used to display progress information + about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2046,322 +2120,274 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Restore is a Velero resource that represents the application of - resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: |- - BackupName is the unique name of the Velero backup to restore - from. - type: string - excludedNamespaces: - description: |- - ExcludedNamespaces contains a list of namespaces that are not - included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: |- - ExcludedResources is a slice of resource names that are not - included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: ExistingResourcePolicy specifies the restore behavior - for the Kubernetes resource to be restored - nullable: true - type: string - hooks: - description: Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: |- - RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on - the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources specifies the resources to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Name is the name of this hook. - type: string - postHooks: - description: PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: RestoreResourceHook defines a restore hook - for a resource. + - name: v1 + schema: + openAPIV3Schema: + description: |- + Restore is a Velero resource that represents the application of + resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: |- + BackupName is the unique name of the Velero backup to restore + from. + type: string + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: + ExistingResourcePolicy specifies the restore behavior + for the Kubernetes resource to be restored + nullable: true + type: string + hooks: + description: + Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: |- + RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - execTimeout: - description: |- - ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - onError: - description: OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitForReady: - description: WaitForReady ensures command will - be launched when container is Ready instead - of Running. - nullable: true - type: boolean - waitTimeout: - description: |- - WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready - before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: |- - IncludeClusterResources specifies whether cluster-scoped resources - should be included for consideration in the restore. If null, defaults - to true. - nullable: true - type: boolean - includedNamespaces: - description: |- - IncludedNamespaces is a slice of namespace names to include objects - from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: |- - ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations - The default value is 4 hour. - type: string - labelSelector: - description: |- - LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceMapping: - additionalProperties: - type: string - description: |- - NamespaceMapping is a map of source namespace names - to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. - type: object - orLabelSelectors: - description: |- - OrLabelSelectors is list of metav1.LabelSelector to filter with - when restoring individual objects from the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in restore request, only one of them - can be used - items: - description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. + postHooks: + description: + PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: + RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: + Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + execTimeout: + description: |- + ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + onError: + description: + OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitForReady: + description: + WaitForReady ensures command will + be launched when container is Ready instead + of Running. + nullable: true + type: boolean + waitTimeout: + description: |- + WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready + before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: + InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: + Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string + type: object + type: object + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the restore. If null, defaults + to true. + nullable: true + type: boolean + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- @@ -2369,7 +2395,8 @@ spec: relates the key and values. properties: key: - description: key is the label key that the selector applies + description: + key is the label key that the selector applies to. type: string operator: @@ -2387,8 +2414,8 @@ spec: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: @@ -2401,191 +2428,265 @@ spec: type: object type: object x-kubernetes-map-type: atomic - nullable: true - type: array - preserveNodePorts: - description: PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - resourceModifier: - description: ResourceModifier specifies the reference to JSON resource - patches that should be applied to resources before restoration. - nullable: true - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced + namespaceMapping: + additionalProperties: type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - restorePVs: - description: |- - RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: |- - RestoreStatus specifies which resources we should restore the status - field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: + description: |- + NamespaceMapping is a map of source namespace names + to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when restoring individual objects from the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in restore request, only one of them + can be used + items: description: |- - IncludedResources specifies the resources to which will restore the status. - If empty, it applies to all resources. - items: + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + preserveNodePorts: + description: + PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + resourceModifier: + description: + ResourceModifier specifies the reference to JSON resource + patches that should be applied to resources before restoration. + nullable: true + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string - nullable: true - type: array - type: object - scheduleName: - description: |- - ScheduleName is the unique name of the Velero schedule to restore - from. If specified, and BackupName is empty, Velero will restore - from the most recent successful backup created from this schedule. - type: string - uploaderConfig: - description: UploaderConfig specifies the configuration for the restore. - nullable: true - properties: - parallelFilesDownload: - description: ParallelFilesDownload is the concurrency number setting - for restore. - type: integer - writeSparseFiles: - description: WriteSparseFiles is a flag to indicate whether write - files sparsely or not. - nullable: true - type: boolean - type: object - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time the restore operation was completed. - Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: |- - Errors is a count of all error messages that were generated during - execution of the restore. The actual errors are stored in object storage. - type: integer - failureReason: - description: FailureReason is an error that caused the entire restore - to fail. - type: string - hookStatus: - description: HookStatus contains information about the status of the - hooks. - nullable: true - properties: - hooksAttempted: - description: |- - HooksAttempted is the total number of attempted hooks - Specifically, HooksAttempted represents the number of hooks that failed to execute - and the number of hooks that executed successfully. - type: integer - hooksFailed: - description: HooksFailed is the total number of hooks which ended - with an error - type: integer - type: object - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Finalizing - - FinalizingPartiallyFailed - type: string - progress: - description: |- - Progress contains information about the restore's execution progress. Note - that this information is best-effort only -- if Velero fails to update it - during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: |- - TotalItems is the total number of items to be restored. This number may change - throughout the execution of the restore due to plugins that return additional related - items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: |- - RestoreItemOperationsAttempted is the total number of attempted - async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: |- - RestoreItemOperationsCompleted is the total number of successfully completed - async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsFailed: - description: |- - RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an error. - type: integer - startTimestamp: - description: |- - StartTimestamp records the time the restore operation was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable) - items: - type: string - nullable: true - type: array - warnings: - description: |- - Warnings is a count of all warning messages that were generated during - execution of the restore. The actual warnings are stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + restorePVs: + description: |- + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: |- + RestoreStatus specifies which resources we should restore the status + field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: + ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which will restore the status. + If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: |- + ScheduleName is the unique name of the Velero schedule to restore + from. If specified, and BackupName is empty, Velero will restore + from the most recent successful backup created from this schedule. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the restore. + nullable: true + properties: + parallelFilesDownload: + description: + ParallelFilesDownload is the concurrency number setting + for restore. + type: integer + writeSparseFiles: + description: + WriteSparseFiles is a flag to indicate whether write + files sparsely or not. + nullable: true + type: boolean + type: object + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time the restore operation was completed. + Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the restore. The actual errors are stored in object storage. + type: integer + failureReason: + description: + FailureReason is an error that caused the entire restore + to fail. + type: string + hookStatus: + description: + HookStatus contains information about the status of the + hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: + HooksFailed is the total number of hooks which ended + with an error + type: integer + type: object + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Finalizing + - FinalizingPartiallyFailed + type: string + progress: + description: |- + Progress contains information about the restore's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: + ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be restored. This number may change + throughout the execution of the restore due to plugins that return additional related + items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: |- + RestoreItemOperationsAttempted is the total number of attempted + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: |- + RestoreItemOperationsCompleted is the total number of successfully completed + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsFailed: + description: |- + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an error. + type: integer + startTimestamp: + description: |- + StartTimestamp records the time the restore operation was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: + type: string + nullable: true + type: array + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the restore. The actual warnings are stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2611,434 +2712,387 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: |- - Schedule is a Velero resource that represents a pre-scheduled or - periodic Backup that should be run. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: |- - Schedule is a Cron expression defining when to run - the Backup. - type: string - skipImmediately: - description: |- - SkipImmediately specifies whether to skip backup if schedule is due immediately from `schedule.status.lastBackup` timestamp when schedule is unpaused or if schedule is new. - If true, backup will be skipped immediately when schedule is unpaused if it is due based on .Status.LastBackupTimestamp or schedule is new, and will run at next schedule time. - If false, backup will not be skipped immediately when schedule is unpaused, but will run at next schedule time. - If empty, will follow server configuration (default: false). - type: boolean - template: - description: |- - Template is the definition of the Backup to be run - on the provided schedule - properties: - csiSnapshotTimeout: - description: |- - CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to - ReadyToUse during creation, before returning error as timeout. - The default value is 10 minute. - type: string - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - defaultVolumesToFsBackup: - description: |- - DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used - for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: |- - DefaultVolumesToRestic specifies whether restic should be used to take a - backup of all pod volumes by default. - - - Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. - nullable: true - type: boolean - excludedClusterScopedResources: - description: |- - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. - If set to "*", all cluster-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: |- - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. - If set to "*", all namespace-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: |- - ExcludedNamespaces contains a list of namespaces that are not - included in the backup. - items: + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: |- + Schedule is a Velero resource that represents a pre-scheduled or + periodic Backup that should be run. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: |- + Schedule is a Cron expression defining when to run + the Backup. + type: string + skipImmediately: + description: |- + SkipImmediately specifies whether to skip backup if schedule is due immediately from `schedule.status.lastBackup` timestamp when schedule is unpaused or if schedule is new. + If true, backup will be skipped immediately when schedule is unpaused if it is due based on .Status.LastBackupTimestamp or schedule is new, and will run at next schedule time. + If false, backup will not be skipped immediately when schedule is unpaused, but will run at next schedule time. + If empty, will follow server configuration (default: false). + type: boolean + template: + description: |- + Template is the definition of the Backup to be run + on the provided schedule + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. type: string - nullable: true - type: array - excludedResources: - description: |- - ExcludedResources is a slice of resource names that are not - included in the backup. - items: + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. type: string - nullable: true - type: array - hooks: - description: Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: |- - BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on - the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources specifies the resources to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Name is the name of this hook. - type: string - post: - description: |- - PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. - These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. + + + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: + Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: + Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: + ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: + ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: + LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + matchExpressions: + description: + matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the + selector applies to. type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: |- - PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. - These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: Command is the command and arguments - to execute. - items: + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - required: - - command + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - required: - - exec type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: |- - IncludeClusterResources specifies whether cluster-scoped resources - should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: |- - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. - If set to "*", all cluster-scoped resource types are included. - The default value is empty, which means only related - cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: |- - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. - The default value is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces is a slice of namespace names to include objects - from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: |- - ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations - The default value is 4 hour. - type: string - labelSelector: - description: |- - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: |- - OrLabelSelectors is list of metav1.LabelSelector to filter with - when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of them - can be used. - items: + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: + BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: + Command is the command and arguments + to execute. + items: + type: string + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: + OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true properties: matchExpressions: - description: matchExpressions is a list of label selector + description: + matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- @@ -3046,7 +3100,8 @@ spec: relates the key and values. properties: key: - description: key is the label key that the selector + description: + key is the label key that the selector applies to. type: string operator: @@ -3064,8 +3119,8 @@ spec: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: @@ -3078,120 +3133,189 @@ spec: type: object type: object x-kubernetes-map-type: atomic - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: |- - OrderedResources specifies the backup order of resources of specific Kind. - The map key is the resource name and value is a list of object names separated by commas. - Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: + key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nullable: true + type: array + orderedResources: + additionalProperties: type: string - name: - description: Name is the name of resource being referenced + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: + ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: + SnapshotMoveData specifies whether snapshot data + should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: + StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: + UploaderConfig specifies the configuration for the + uploader. + nullable: true + properties: + parallelFilesUpload: + description: + ParallelFilesUpload is the number of files parallel + uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: + VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - snapshotMoveData: - description: SnapshotMoveData specifies whether snapshot data - should be moved - nullable: true - type: boolean - snapshotVolumes: - description: |- - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included - in the Backup. - nullable: true - type: boolean - storageLocation: - description: StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: |- - TTL is a time.Duration-parseable string describing how long - the Backup should be retained for. + type: array + type: object + useOwnerReferencesInBackup: + description: |- + UseOwnerReferencesBackup specifies whether to use + OwnerReferences on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: |- + LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + lastSkipped: + description: LastSkipped is the last time a Schedule was skipped + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: type: string - uploaderConfig: - description: UploaderConfig specifies the configuration for the - uploader. - nullable: true - properties: - parallelFilesUpload: - description: ParallelFilesUpload is the number of files parallel - uploads to perform when using the uploader. - type: integer - type: object - volumeSnapshotLocations: - description: VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: - type: string - type: array - type: object - useOwnerReferencesInBackup: - description: |- - UseOwnerReferencesBackup specifies whether to use - OwnerReferences on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: |- - LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - lastSkipped: - description: LastSkipped is the last time a Schedule was skipped - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable) - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -3215,76 +3339,77 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - ServerStatusRequest is a request to access current status information about - the Velero server. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: |- - ProcessedTimestamp is when the ServerStatusRequest was processed - by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: |- + ServerStatusRequest is a request to access current status information about + the Velero server. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: + Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: |- + ProcessedTimestamp is when the ServerStatusRequest was processed + by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -3308,87 +3433,93 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: - type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: Credential contains the credential information intended - to be used with this location - properties: - key: - description: The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? + - name: v1 + schema: + openAPIV3Schema: + description: + VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: + VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + description: Config is for provider-specific configuration fields. + type: object + credential: + description: + Credential contains the credential information intended + to be used with this location + properties: + key: + description: + The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: + VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: + VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] \ No newline at end of file + storedVersions: [] diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml index 5f8217b2a..573edbe24 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: -- apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml index 0772314bf..49eecc8a7 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml index e66d5127b..b8fd89588 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml index ffc9f5f1f..1593739e0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml @@ -77,7 +77,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -155,10 +156,17 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -254,8 +262,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -291,7 +299,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -371,7 +380,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -396,7 +406,8 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -414,9 +425,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -614,10 +625,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -641,14 +652,22 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -697,14 +716,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -770,10 +789,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -814,10 +833,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -859,15 +878,14 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -898,8 +916,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: -cert-manager securityContext: @@ -909,19 +927,18 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -959,15 +976,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -989,12 +1006,11 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1062,14 +1078,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1101,4 +1117,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate \ No newline at end of file + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml index 1ac00049c..6592680d4 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml @@ -18,50 +18,50 @@ spec: app: proxy-server spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: storage-volume - mountPath: /etc/karavi-authorization/storage + secret: + secretName: karavi-storage-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params volumes: - - name: csm-config-params - configMap: - name: csm-config-params + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,9 +251,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis apiVersion: apps/v1 @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: - - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml index eba2e6c84..507372537 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml @@ -14,8 +14,8 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: - path: /csm-authorization/redis \ No newline at end of file + path: /csm-authorization/redis diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml index bd6feeab0..e26676c99 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,25 +640,24 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml index ffc9f5f1f..1593739e0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml @@ -77,7 +77,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -155,10 +156,17 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -254,8 +262,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -291,7 +299,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -371,7 +380,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -396,7 +406,8 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -414,9 +425,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -614,10 +625,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -641,14 +652,22 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -697,14 +716,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -770,10 +789,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -814,10 +833,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -859,15 +878,14 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -898,8 +916,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: -cert-manager securityContext: @@ -909,19 +927,18 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -959,15 +976,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -989,12 +1006,11 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1062,14 +1078,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1101,4 +1117,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate \ No newline at end of file + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml index 1ac00049c..6592680d4 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml @@ -18,50 +18,50 @@ spec: app: proxy-server spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: storage-volume - mountPath: /etc/karavi-authorization/storage + secret: + secretName: karavi-storage-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params volumes: - - name: csm-config-params - configMap: - name: csm-config-params + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,9 +251,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis apiVersion: apps/v1 @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: - - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml index eba2e6c84..507372537 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml @@ -14,8 +14,8 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: - path: /csm-authorization/redis \ No newline at end of file + path: /csm-authorization/redis diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml index bd6feeab0..e26676c99 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,25 +640,24 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml index ffc9f5f1f..1593739e0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml @@ -77,7 +77,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -155,10 +156,17 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -254,8 +262,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -291,7 +299,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -371,7 +380,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -396,7 +406,8 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -414,9 +425,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -614,10 +625,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -641,14 +652,22 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -697,14 +716,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -770,10 +789,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -814,10 +833,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -859,15 +878,14 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -898,8 +916,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: -cert-manager securityContext: @@ -909,19 +927,18 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -959,15 +976,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -989,12 +1006,11 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1062,14 +1078,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1101,4 +1117,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate \ No newline at end of file + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml index 1ac00049c..6592680d4 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml @@ -18,50 +18,50 @@ spec: app: proxy-server spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: storage-volume - mountPath: /etc/karavi-authorization/storage + secret: + secretName: karavi-storage-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params volumes: - - name: csm-config-params - configMap: - name: csm-config-params + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,9 +251,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis apiVersion: apps/v1 @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: - - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml index eba2e6c84..507372537 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml @@ -14,8 +14,8 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: - path: /csm-authorization/redis \ No newline at end of file + path: /csm-authorization/redis diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml index e32eacae4..e26676c99 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,25 +640,24 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml index ffc9f5f1f..1593739e0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml @@ -77,7 +77,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -155,10 +156,17 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -254,8 +262,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -291,7 +299,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -371,7 +380,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -396,7 +406,8 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -414,9 +425,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -614,10 +625,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -641,14 +652,22 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -697,14 +716,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -770,10 +789,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -814,10 +833,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -859,15 +878,14 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -898,8 +916,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: -cert-manager securityContext: @@ -909,19 +927,18 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -959,15 +976,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -989,12 +1006,11 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1062,14 +1078,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1101,4 +1117,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate \ No newline at end of file + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml index 741534e31..37bacf2ee 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml @@ -18,50 +18,50 @@ spec: csm: spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: storage-volume - mountPath: /etc/karavi-authorization/storage + secret: + secretName: karavi-storage-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: csm: spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params volumes: - - name: csm-config-params - configMap: - name: csm-config-params + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,12 +251,12 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis -apiVersion: apps/v1 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-primary @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: - - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml index bd6feeab0..e26676c99 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,25 +640,24 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml index ffc9f5f1f..1593739e0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml @@ -77,7 +77,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -155,10 +156,17 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -254,8 +262,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -291,7 +299,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -371,7 +380,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -396,7 +406,8 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -414,9 +425,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -614,10 +625,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -641,14 +652,22 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -697,14 +716,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -770,10 +789,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -814,10 +833,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -859,15 +878,14 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -898,8 +916,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: -cert-manager securityContext: @@ -909,19 +927,18 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -959,15 +976,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -989,12 +1006,11 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1062,14 +1078,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1101,4 +1117,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate \ No newline at end of file + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml index be6d2f4a4..d37e8fb1b 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml @@ -18,50 +18,50 @@ spec: csm: spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: storage-volume - mountPath: /etc/karavi-authorization/storage + secret: + secretName: karavi-storage-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: storage-volume - secret: - secretName: karavi-storage-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: csm: spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params volumes: - - name: csm-config-params - configMap: - name: csm-config-params + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,12 +251,12 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis -apiVersion: apps/v1 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-primary @@ -279,19 +279,19 @@ spec: csm: spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: csm: spec: containers: - - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml index 135f8afa5..5ab23a487 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: csm: spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,25 +640,24 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None - + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml index 8c885df97..bf6a720d7 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml @@ -14,125 +14,126 @@ spec: singular: csmrole scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMRole is the Schema for the csmroles API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMRoleSpec defines the desired state of CSMRole - properties: - pool: - type: string - quota: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - systemID: - type: string - systemType: - type: string - type: object - status: - description: CSMRoleStatus defines the observed state of CSMRole - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMRole is the Schema for the csmroles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMRoleSpec defines the desired state of CSMRole + properties: + pool: + type: string + quota: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + systemID: + type: string + systemType: + type: string + type: object + status: + description: CSMRoleStatus defines the observed state of CSMRole + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -149,129 +150,130 @@ spec: singular: csmtenant scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMTenant is the Schema for the csmtenants API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMTenantSpec defines the desired state of CSMTenant - properties: - approveSdc: - type: boolean - revoke: - type: boolean - roles: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - volumePrefix: - maxLength: 3 - minLength: 1 - type: string - required: - - approveSdc - - revoke - type: object - status: - description: CSMTenantStatus defines the observed state of CSMTenant - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMTenant is the Schema for the csmtenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMTenantSpec defines the desired state of CSMTenant + properties: + approveSdc: + type: boolean + revoke: + type: boolean + roles: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + volumePrefix: + maxLength: 3 + minLength: 1 + type: string + required: + - approveSdc + - revoke + type: object + status: + description: CSMTenantStatus defines the observed state of CSMTenant + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -288,128 +290,130 @@ spec: singular: storage scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Storage is the Schema for the storages API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: StorageSpec defines the desired state of Storage - properties: - credentialPath: - type: string - credentialStore: - type: string - endpoint: - type: string - pollInterval: - type: string - skipCertificateValidation: - type: boolean - systemID: - type: string - type: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - required: - - skipCertificateValidation - type: object - status: - description: StorageStatus defines the observed state of Storage - properties: - conditions: - description: 'Storage.status.conditions.type are: "Available", "NotAvailable", - and "UnKnown"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Storage is the Schema for the storages API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: StorageSpec defines the desired state of Storage + properties: + credentialPath: + type: string + credentialStore: + type: string + endpoint: + type: string + pollInterval: + type: string + skipCertificateValidation: + type: boolean + systemID: + type: string + type: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + required: + - skipCertificateValidation + type: object + status: + description: StorageStatus defines the observed state of Storage + properties: + conditions: + description: + 'Storage.status.conditions.type are: "Available", "NotAvailable", + and "UnKnown"' + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml index ffc9f5f1f..1593739e0 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml @@ -77,7 +77,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -155,10 +156,17 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -254,8 +262,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -291,7 +299,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -371,7 +380,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -396,7 +406,8 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -414,9 +425,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -614,10 +625,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -641,14 +652,22 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -697,14 +716,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -770,10 +789,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -814,10 +833,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -859,15 +878,14 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -898,8 +916,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: -cert-manager securityContext: @@ -909,19 +927,18 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -959,15 +976,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -989,12 +1006,11 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1062,14 +1078,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1101,4 +1117,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate \ No newline at end of file + path: /validate diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml index fd073a1cd..b8011a97e 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml @@ -60,54 +60,54 @@ spec: spec: serviceAccountName: proxy-server containers: - - name: proxy-server - image: - imagePullPolicy: Always - env: - - name: SENTINELS - value: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - args: - - "--redis-sentinel=$(SENTINELS)" - - "--redis-password=$(REDIS_PASSWORD)" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: + - name: proxy-server + image: + imagePullPolicy: Always + env: + - name: SENTINELS + value: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - "--redis-sentinel=$(SENTINELS)" + - "--redis-password=$(REDIS_PASSWORD)" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -118,10 +118,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -143,35 +143,35 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - env: - - name: SENTINELS - value: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - args: - - "--redis-sentinel=$(SENTINELS)" - - "--redis-password=$(REDIS_PASSWORD)" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: + - name: tenant-service + image: + imagePullPolicy: Always + env: + - name: SENTINELS + value: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - "--redis-sentinel=$(SENTINELS)" + - "--redis-password=$(REDIS_PASSWORD)" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: - name: config-volume - mountPath: /etc/karavi-authorization/config + secret: + secretName: karavi-config-secret - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: - - name: config-volume - secret: - secretName: karavi-config-secret - - name: csm-config-params - configMap: - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -182,9 +182,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -238,22 +238,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params volumes: - - name: csm-config-params - configMap: - name: csm-config-params + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -264,9 +264,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -282,7 +282,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets", "events"] - verbs: ["get", "patch","post", create] + verbs: ["get", "patch", "post", create] - apiGroups: ["csm-authorization.storage.dell.com"] resources: ["storages", "csmtenants", "csmroles"] verbs: ["get", "list"] @@ -326,9 +326,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- apiVersion: cert-manager.io/v1 kind: Issuer @@ -446,23 +446,23 @@ spec: spec: serviceAccountName: authorization-controller containers: - - name: authorization-controller - image: - imagePullPolicy: Always - args: - - "--authorization-namespace=" - - "--health-probe-bind-address=:8081" - - "--leader-elect=" - - "--tenant-service-address=tenant-service..svc.cluster.local:50051" - - "--storage-service-address=storage-service..svc.cluster.local:50051" - - "--role-service-address=role-service..svc.cluster.local:50051" - - "--controller-reconcile-interval=" - env: - - name: NAMESPACE - value: - ports: - - containerPort: 50052 - name: grpc + - name: authorization-controller + image: + imagePullPolicy: Always + args: + - "--authorization-namespace=" + - "--health-probe-bind-address=:8081" + - "--leader-elect=" + - "--tenant-service-address=tenant-service..svc.cluster.local:50051" + - "--storage-service-address=storage-service..svc.cluster.local:50051" + - "--role-service-address=role-service..svc.cluster.local:50051" + - "--controller-reconcile-interval=" + env: + - name: NAMESPACE + value: + ports: + - containerPort: 50052 + name: grpc --- apiVersion: v1 kind: Service @@ -473,9 +473,9 @@ spec: selector: app: authorization-controller ports: - - port: 50052 - targetPort: 50052 - name: grpc + - port: 50052 + targetPort: 50052 + name: grpc --- # Redis apiVersion: v1 @@ -489,10 +489,10 @@ spec: selector: app: ports: - - protocol: TCP - port: 6379 - targetPort: 6379 - name: + - protocol: TCP + port: 6379 + targetPort: 6379 + name: --- apiVersion: apps/v1 kind: StatefulSet @@ -512,70 +512,70 @@ spec: app: spec: initContainers: - - name: config - image: - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password + - name: config + image: + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password - command: [ "sh", "-c" ] - args: - - | - cp /csm-auth-redis-cm/redis.conf /etc/redis/redis.conf + command: ["sh", "-c"] + args: + - | + cp /csm-auth-redis-cm/redis.conf /etc/redis/redis.conf - echo "masterauth $REDIS_PASSWORD" >> /etc/redis/redis.conf - echo "requirepass $REDIS_PASSWORD" >> /etc/redis/redis.conf + echo "masterauth $REDIS_PASSWORD" >> /etc/redis/redis.conf + echo "requirepass $REDIS_PASSWORD" >> /etc/redis/redis.conf - echo "Finding master..." - MASTER_FDQN=`hostname -f | sed -e 's/redis-csm-[0-9]\./redis-csm-0./'` - echo "Master at " $MASTER_FQDN - if [ "$(redis-cli -h sentinel -p 5000 ping)" != "PONG" ]; then - echo "No sentinel found." + echo "Finding master..." + MASTER_FDQN=`hostname -f | sed -e 's/redis-csm-[0-9]\./redis-csm-0./'` + echo "Master at " $MASTER_FQDN + if [ "$(redis-cli -h sentinel -p 5000 ping)" != "PONG" ]; then + echo "No sentinel found." - if [ "$(hostname)" = "redis-csm-0" ]; then - echo "This is redis master, not updating config..." + if [ "$(hostname)" = "redis-csm-0" ]; then + echo "This is redis master, not updating config..." + else + echo "This is redis slave, updating redis.conf..." + echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf + fi else - echo "This is redis slave, updating redis.conf..." + echo "Sentinel found, finding master" + MASTER="$(redis-cli -h sentinel -p 5000 sentinel get-master-addr-by-name mymaster | grep -E '(^redis-csm-\d{1,})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})')" echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf fi - else - echo "Sentinel found, finding master" - MASTER="$(redis-cli -h sentinel -p 5000 sentinel get-master-addr-by-name mymaster | grep -E '(^redis-csm-\d{1,})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})')" - echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf - fi - volumeMounts: - - name: redis-primary-volume - mountPath: /data - - name: configmap - mountPath: /csm-auth-redis-cm/ - - name: config - mountPath: /etc/redis/ + volumeMounts: + - name: redis-primary-volume + mountPath: /data + - name: configmap + mountPath: /csm-auth-redis-cm/ + - name: config + mountPath: /etc/redis/ containers: - - name: - image: - command: [ "redis-server" ] - args: [ "/etc/redis/redis.conf" ] - ports: - - containerPort: 6379 - name: - volumeMounts: + - name: + image: + command: ["redis-server"] + args: ["/etc/redis/redis.conf"] + ports: + - containerPort: 6379 + name: + volumeMounts: + - name: redis-primary-volume + mountPath: /data + - name: configmap + mountPath: /csm-auth-redis-cm/ + - name: config + mountPath: /etc/redis/ + volumes: - name: redis-primary-volume - mountPath: /data - - name: configmap - mountPath: /csm-auth-redis-cm/ + emptyDir: {} - name: config - mountPath: /etc/redis/ - volumes: - - name: redis-primary-volume - emptyDir: {} - - name: config - emptyDir: {} - - name: configmap - configMap: - name: redis-csm-cm + emptyDir: {} + - name: configmap + configMap: + name: redis-csm-cm --- apiVersion: apps/v1 kind: Deployment @@ -595,54 +595,54 @@ spec: tier: backend spec: containers: - - name: - image: - imagePullPolicy: IfNotPresent - env: - - name: SENTINELS - value: - - name: K8S_SIGTERM - value: "1" - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - - name: SENTINEL_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - - name: HTTP_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - - name: HTTP_USER - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: commander_user - ports: - name: - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + image: + imagePullPolicy: IfNotPresent + env: + - name: SENTINELS + value: + - name: K8S_SIGTERM + value: "1" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: HTTP_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: HTTP_USER + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: commander_user + ports: + - name: + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -653,9 +653,9 @@ spec: selector: app: ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- # Sentinel apiVersion: apps/v1 @@ -676,93 +676,93 @@ spec: app: spec: initContainers: - - name: config - image: - command: [ "sh", "-c" ] - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - args: - - | - replicas=$( expr $(()) - 1) - for i in $(seq 0 $replicas) - do - node=$( echo "-$i." ) - nodes=$( echo "$nodes*$node" ) - done - loop=$(echo $nodes | sed -e "s/"*"/\n/g") + - name: config + image: + command: ["sh", "-c"] + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - | + replicas=$( expr $(()) - 1) + for i in $(seq 0 $replicas) + do + node=$( echo "-$i." ) + nodes=$( echo "$nodes*$node" ) + done + loop=$(echo $nodes | sed -e "s/"*"/\n/g") - foundMaster=false + foundMaster=false - while [ "$foundMaster" = "false" ] - do - for i in $loop + while [ "$foundMaster" = "false" ] do - echo "Finding master at $i" - ROLE=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep role | cut -d ":" -f2) - if [ "$ROLE" = "master" ]; then - MASTER=$i.authorization.svc.cluster.local - echo "Master found at $MASTER..." - foundMaster=true - break - else - MASTER=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep master_host: | cut -d ":" -f2) - if [ "$MASTER" = "" ]; then - echo "Master not found..." - echo "Waiting 5 seconds for redis pods to come up..." - sleep 5 - MASTER= - else + for i in $loop + do + echo "Finding master at $i" + ROLE=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep role | cut -d ":" -f2) + if [ "$ROLE" = "master" ]; then + MASTER=$i.authorization.svc.cluster.local echo "Master found at $MASTER..." foundMaster=true break + else + MASTER=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep master_host: | cut -d ":" -f2) + if [ "$MASTER" = "" ]; then + echo "Master not found..." + echo "Waiting 5 seconds for redis pods to come up..." + sleep 5 + MASTER= + else + echo "Master found at $MASTER..." + foundMaster=true + break + fi fi - fi - done + done - if [ "$foundMaster" = "true" ]; then - break - else - echo "Master not found, wait for 30s before attempting again" - sleep 30 - fi - done + if [ "$foundMaster" = "true" ]; then + break + else + echo "Master not found, wait for 30s before attempting again" + sleep 30 + fi + done - echo "sentinel monitor mymaster $MASTER 6379 2" >> /tmp/master - echo "port 5000 - sentinel resolve-hostnames yes - sentinel announce-hostnames yes - $(cat /tmp/master) - sentinel down-after-milliseconds mymaster 5000 - sentinel failover-timeout mymaster 60000 - sentinel parallel-syncs mymaster 2 - sentinel auth-pass mymaster $REDIS_PASSWORD - " > /etc/redis/sentinel.conf - cat /etc/redis/sentinel.conf - volumeMounts: - - name: redis-config - mountPath: /etc/redis/ + echo "sentinel monitor mymaster $MASTER 6379 2" >> /tmp/master + echo "port 5000 + sentinel resolve-hostnames yes + sentinel announce-hostnames yes + $(cat /tmp/master) + sentinel down-after-milliseconds mymaster 5000 + sentinel failover-timeout mymaster 60000 + sentinel parallel-syncs mymaster 2 + sentinel auth-pass mymaster $REDIS_PASSWORD + " > /etc/redis/sentinel.conf + cat /etc/redis/sentinel.conf + volumeMounts: + - name: redis-config + mountPath: /etc/redis/ containers: - - name: - image: - command: ["redis-sentinel"] - args: ["/etc/redis/sentinel.conf"] - ports: - - containerPort: 5000 - name: - volumeMounts: + - name: + image: + command: ["redis-sentinel"] + args: ["/etc/redis/sentinel.conf"] + ports: + - containerPort: 5000 + name: + volumeMounts: + - name: redis-config + mountPath: /etc/redis/ + - name: data + mountPath: /data + volumes: - name: redis-config - mountPath: /etc/redis/ + emptyDir: {} - name: data - mountPath: /data - volumes: - - name: redis-config - emptyDir: {} - - name: data - emptyDir : {} + emptyDir: {} --- apiVersion: v1 kind: Service @@ -772,9 +772,9 @@ metadata: spec: clusterIP: None ports: - - port: 5000 - targetPort: 5000 - name: + - port: 5000 + targetPort: 5000 + name: selector: app: --- @@ -786,9 +786,9 @@ metadata: spec: type: NodePort ports: - - port: 5000 - targetPort: 5000 - name: -svc + - port: 5000 + targetPort: 5000 + name: -svc selector: app: --- @@ -834,9 +834,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -845,9 +845,9 @@ metadata: namespace: name: configmap-modifier rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -860,9 +860,9 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: -- kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io + - kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml index ca7f530f3..507372537 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml @@ -14,7 +14,7 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml index fb221c7fc..e26676c99 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get -- apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: -- kind: ServiceAccount - name: -ingress-nginx - namespace: + - kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: -- kind: ServiceAccount - name: -ingress-nginx-admission - namespace: + - kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,24 +640,24 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/common/cert-manager.yaml b/operatorconfig/moduleconfig/common/cert-manager.yaml index 266595462..dc9cafd25 100644 --- a/operatorconfig/moduleconfig/common/cert-manager.yaml +++ b/operatorconfig/moduleconfig/common/cert-manager.yaml @@ -77,7 +77,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -152,10 +153,17 @@ metadata: app.kubernetes.io/version: "v1.11.0" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -251,8 +259,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "networking.x-k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["networking.x-k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -288,7 +296,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -371,7 +380,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -396,7 +406,8 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -414,9 +425,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -614,10 +625,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -640,7 +651,11 @@ rules: # see cmd/cainjector/start.go#L137 - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -680,14 +695,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -753,10 +768,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -773,10 +788,10 @@ metadata: spec: type: ClusterIP ports: - - protocol: TCP - port: 9402 - name: tcp-prometheus-servicemonitor - targetPort: 9402 + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 selector: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: @@ -797,10 +812,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: "https" + - name: https + port: 443 + protocol: TCP + targetPort: "https" selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -845,18 +860,18 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL nodeSelector: kubernetes.io/os: linux --- @@ -890,8 +905,8 @@ spec: app.kubernetes.io/version: "v1.11.0" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: -cert-manager securityContext: @@ -903,25 +918,25 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 - - --max-concurrent-challenges=60 + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 + - --max-concurrent-challenges=60 ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP + - containerPort: 9402 + name: http-metrics + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -964,21 +979,21 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook - - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE).svc - + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook + - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE) + - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE).svc + ports: - - name: https - protocol: TCP - containerPort: 10250 - - name: healthcheck - protocol: TCP - containerPort: 6080 + - name: https + protocol: TCP + containerPort: 10250 + - name: healthcheck + protocol: TCP + containerPort: 6080 livenessProbe: httpGet: path: /livez @@ -1003,12 +1018,12 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -1070,14 +1085,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1101,4 +1116,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate \ No newline at end of file + path: /validate diff --git a/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml b/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml index b269d3477..239d878d9 100644 --- a/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml +++ b/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml @@ -23,9 +23,9 @@ kind: CustomResourceDefinition metadata: name: clusterissuers.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -62,10 +62,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -101,7 +101,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' + description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." type: string enum: - HS256 @@ -120,7 +120,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -136,16 +136,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' + description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." type: boolean solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' + description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -172,7 +172,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string host: type: string @@ -195,7 +195,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -207,7 +207,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -219,7 +219,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string serviceConsumerDomain: type: string @@ -243,7 +243,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -296,14 +296,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." type: object required: - name @@ -312,7 +312,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -324,7 +324,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string email: description: Email of the account, only required when using API key based authentication. @@ -351,7 +351,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -363,7 +363,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -378,7 +378,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -387,10 +387,10 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -399,7 +399,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -411,7 +411,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -420,7 +420,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -452,7 +452,7 @@ spec: additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -1022,7 +1022,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: object additionalProperties: type: string @@ -1141,7 +1141,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -1166,7 +1166,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -1178,7 +1178,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -1194,7 +1194,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -1227,7 +1227,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -1250,7 +1250,7 @@ spec: - name properties: name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -1318,9 +1318,9 @@ kind: CustomResourceDefinition metadata: name: challenges.acme.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -1360,10 +1360,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -1401,7 +1401,7 @@ spec: description: Name of the resource being referred to. type: string key: - description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content.' + description: "The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content." type: string solver: description: Contains the domain solving configuration that should be used to solve this challenge resource. @@ -1428,7 +1428,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string host: type: string @@ -1451,7 +1451,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1463,7 +1463,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1475,7 +1475,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string serviceConsumerDomain: type: string @@ -1499,7 +1499,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -1552,14 +1552,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." type: object required: - name @@ -1568,7 +1568,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -1580,7 +1580,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string email: description: Email of the account, only required when using API key based authentication. @@ -1607,7 +1607,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -1619,7 +1619,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -1634,7 +1634,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -1643,10 +1643,10 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -1655,7 +1655,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -1667,7 +1667,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -1676,7 +1676,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -1708,7 +1708,7 @@ spec: additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -2278,7 +2278,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: object additionalProperties: type: string @@ -2382,9 +2382,9 @@ kind: CustomResourceDefinition metadata: name: certificaterequests.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2436,10 +2436,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -2582,9 +2582,9 @@ kind: CustomResourceDefinition metadata: name: issuers.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2621,10 +2621,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -2660,7 +2660,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' + description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." type: string enum: - HS256 @@ -2679,7 +2679,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -2695,16 +2695,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' + description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." type: boolean solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' + description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -2731,7 +2731,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string host: type: string @@ -2754,7 +2754,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2766,7 +2766,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2778,7 +2778,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string serviceConsumerDomain: type: string @@ -2802,7 +2802,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -2855,14 +2855,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." type: object required: - name @@ -2871,7 +2871,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -2883,7 +2883,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string email: description: Email of the account, only required when using API key based authentication. @@ -2910,7 +2910,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -2922,7 +2922,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -2937,7 +2937,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -2946,10 +2946,10 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -2958,7 +2958,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -2970,7 +2970,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -2979,7 +2979,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -3011,7 +3011,7 @@ spec: additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -3581,7 +3581,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: object additionalProperties: type: string @@ -3700,7 +3700,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -3725,7 +3725,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -3737,7 +3737,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -3753,7 +3753,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -3786,7 +3786,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -3809,7 +3809,7 @@ spec: - name properties: name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -3877,9 +3877,9 @@ kind: CustomResourceDefinition metadata: name: certificates.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -3926,10 +3926,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -3956,7 +3956,7 @@ spec: - DER - CombinedPEM commonName: - description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' + description: "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4" type: string dnsNames: description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate. @@ -4021,7 +4021,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string pkcs12: description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. @@ -4043,7 +4043,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string literalSubject: description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. @@ -4250,9 +4250,9 @@ kind: CustomResourceDefinition metadata: name: orders.acme.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -4295,10 +4295,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -4504,7 +4504,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -4579,10 +4580,17 @@ metadata: app.kubernetes.io/version: "v1.11.0" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update", "patch"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -4678,8 +4686,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "gateway.networking.k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -4715,7 +4723,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -4798,7 +4807,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -4823,7 +4833,8 @@ rules: verbs: ["update", "patch"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4841,9 +4852,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -5041,10 +5052,10 @@ roleRef: kind: ClusterRole name: cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -5067,7 +5078,11 @@ rules: # see cmd/cainjector/start.go#L137 - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5107,15 +5122,15 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: - - 'cert-manager-webhook-ca' - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: + - "cert-manager-webhook-ca" + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -5181,10 +5196,10 @@ roleRef: kind: Role name: cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: + - apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -5201,10 +5216,10 @@ metadata: spec: type: ClusterIP ports: - - protocol: TCP - port: 9402 - name: tcp-prometheus-servicemonitor - targetPort: 9402 + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 selector: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager @@ -5225,10 +5240,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: "https" + - name: https + port: 443 + protocol: TCP + targetPort: "https" selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager @@ -5273,18 +5288,18 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL nodeSelector: kubernetes.io/os: linux --- @@ -5318,8 +5333,8 @@ spec: app.kubernetes.io/version: "v1.11.0" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: cert-manager securityContext: @@ -5331,25 +5346,25 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 - - --max-concurrent-challenges=60 + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 + - --max-concurrent-challenges=60 ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP + - containerPort: 9402 + name: http-metrics + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5392,21 +5407,21 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=cert-manager-webhook + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc + ports: - - name: https - protocol: TCP - containerPort: 10250 - - name: healthcheck - protocol: TCP - containerPort: 6080 + - name: https + protocol: TCP + containerPort: 10250 + - name: healthcheck + protocol: TCP + containerPort: 6080 livenessProbe: httpGet: path: /livez @@ -5431,12 +5446,12 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5498,14 +5513,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - rules: - apiGroups: - "cert-manager.io" diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index 116127650..5a39b1616 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml @@ -2,76 +2,76 @@ powerscale: # List of Driver versions and modules that supports the version v2.9.0: - authorization: "v1.9.0" - replication: "v1.7.0" - observability: "v1.7.0" - resiliency: "v1.8.0" + authorization: "v1.9.0" + replication: "v1.7.0" + observability: "v1.7.0" + resiliency: "v1.8.0" v2.9.1: - authorization: "v1.9.1" - replication: "v1.7.1" - observability: "v1.7.0" - resiliency: "v1.8.1" + authorization: "v1.9.1" + replication: "v1.7.1" + observability: "v1.7.0" + resiliency: "v1.8.1" v2.10.0: - authorization: "v1.10.0" - replication: "v1.8.0" - observability: "v1.8.0" - resiliency: "v1.9.0" + authorization: "v1.10.0" + replication: "v1.8.0" + observability: "v1.8.0" + resiliency: "v1.9.0" v2.10.1: - authorization: "v1.10.1" - replication: "v1.8.1" - observability: "v1.8.1" - resiliency: "v1.9.1" + authorization: "v1.10.1" + replication: "v1.8.1" + observability: "v1.8.1" + resiliency: "v1.9.1" v2.11.0: - authorization: "v1.11.0" - replication: "v1.9.0" - observability: "v1.9.0" - resiliency: "v1.10.0" + authorization: "v1.11.0" + replication: "v1.9.0" + observability: "v1.9.0" + resiliency: "v1.10.0" powerflex: # List of Driver versions and modules that supports the version v2.9.0: - authorization: "v1.9.0" - observability: "v1.7.0" - replication: "v1.7.0" - resiliency: "v1.8.0" + authorization: "v1.9.0" + observability: "v1.7.0" + replication: "v1.7.0" + resiliency: "v1.8.0" v2.9.1: - authorization: "v1.9.1" - observability: "v1.7.0" - replication: "v1.7.1" - resiliency: "v1.8.1" + authorization: "v1.9.1" + observability: "v1.7.0" + replication: "v1.7.1" + resiliency: "v1.8.1" v2.9.2: - authorization: "v1.9.1" - observability: "v1.7.0" - replication: "v1.7.1" - resiliency: "v1.8.1" + authorization: "v1.9.1" + observability: "v1.7.0" + replication: "v1.7.1" + resiliency: "v1.8.1" v2.10.0: - authorization: "v1.10.0" - observability: "v1.8.0" - replication: "v1.8.0" - resiliency: "v1.9.0" + authorization: "v1.10.0" + observability: "v1.8.0" + replication: "v1.8.0" + resiliency: "v1.9.0" v2.10.1: - authorization: "v1.10.1" - observability: "v1.8.1" - replication: "v1.8.1" - resiliency: "v1.9.1" + authorization: "v1.10.1" + observability: "v1.8.1" + replication: "v1.8.1" + resiliency: "v1.9.1" v2.11.0: - authorization: "v1.11.0" - observability: "v1.9.0" - replication: "v1.9.0" - resiliency: "v1.10.0" + authorization: "v1.11.0" + observability: "v1.9.0" + replication: "v1.9.0" + resiliency: "v1.10.0" powerstore: # List of Driver versions and modules that supports the version v2.9.0: - resiliency: "v1.8.0" + resiliency: "v1.8.0" v2.9.1: - resiliency: "v1.8.1" + resiliency: "v1.8.1" v2.10.0: - resiliency: "v1.9.0" + resiliency: "v1.9.0" v2.10.1: - resiliency: "v1.9.1" + resiliency: "v1.9.1" v2.11.0: - resiliency: "v1.10.0" + resiliency: "v1.10.0" v2.11.1: - resiliency: "v1.10.0" + resiliency: "v1.10.0" powermax: # List of Driver versions and modules that supports the version v2.9.0: diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml index 9f5623e75..a24744f0e 100644 --- a/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml +++ b/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml @@ -18,4 +18,4 @@ volumeMounts: - name: tls-secret mountPath: /app/tls - name: cert-dir - mountPath: /app/certs \ No newline at end of file + mountPath: /app/certs diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml index 03a3ff3f2..6847be5e5 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml @@ -11,7 +11,6 @@ data: tls.key: --- - apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -22,7 +21,6 @@ spec: secretName: -secret --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -34,7 +32,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -44,8 +42,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml index 1586047b4..f77a3df27 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml : | + karavi-metrics-powerflex.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml index c691412b3..4c3ce6e1d 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -24,7 +23,6 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -58,14 +56,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml : | + karavi-metrics-powermax.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -141,7 +136,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: { } + emptyDir: {} - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml index 408cd3d32..e9dabdfe4 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -37,7 +35,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -57,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml : | + karavi-metrics-powerscale.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -80,7 +76,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -91,7 +86,6 @@ data: CSI_LOG_LEVEL: debug --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -155,4 +149,3 @@ spec: name: -config-params restartPolicy: Always status: {} - diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml index 57a79e6a3..0ea0cc14b 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,7 +31,6 @@ metadata: namespace: karavi --- - apiVersion: v1 data: nginx.conf: |- @@ -39,9 +38,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -68,7 +67,6 @@ metadata: namespace: karavi --- - apiVersion: v1 kind: Service metadata: @@ -91,7 +89,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml index 375ba4c4c..67813d8c2 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml @@ -13,7 +13,6 @@ data: ZIPKIN_PROBABILITY: 0.0 --- - apiVersion: v1 kind: ServiceAccount metadata: @@ -21,7 +20,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -32,7 +30,6 @@ rules: verbs: ["list"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -47,7 +44,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -67,7 +63,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml index 9aa62cf3c..c72a1d50a 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml @@ -7,7 +7,6 @@ spec: selfSigned: {} --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -19,7 +18,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -29,8 +28,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml index 03a3ff3f2..6847be5e5 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml @@ -11,7 +11,6 @@ data: tls.key: --- - apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -22,7 +21,6 @@ spec: secretName: -secret --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -34,7 +32,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -44,8 +42,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml index 1586047b4..f77a3df27 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml : | + karavi-metrics-powerflex.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml index c691412b3..4c3ce6e1d 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -24,7 +23,6 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -58,14 +56,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml : | + karavi-metrics-powermax.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -141,7 +136,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: { } + emptyDir: {} - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml index 408cd3d32..e9dabdfe4 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -37,7 +35,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -57,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml : | + karavi-metrics-powerscale.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -80,7 +76,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -91,7 +86,6 @@ data: CSI_LOG_LEVEL: debug --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -155,4 +149,3 @@ spec: name: -config-params restartPolicy: Always status: {} - diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml index 57a79e6a3..0ea0cc14b 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,7 +31,6 @@ metadata: namespace: karavi --- - apiVersion: v1 data: nginx.conf: |- @@ -39,9 +38,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -68,7 +67,6 @@ metadata: namespace: karavi --- - apiVersion: v1 kind: Service metadata: @@ -91,7 +89,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml index 375ba4c4c..67813d8c2 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml @@ -13,7 +13,6 @@ data: ZIPKIN_PROBABILITY: 0.0 --- - apiVersion: v1 kind: ServiceAccount metadata: @@ -21,7 +20,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -32,7 +30,6 @@ rules: verbs: ["list"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -47,7 +44,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -67,7 +63,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml index 9aa62cf3c..c72a1d50a 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml @@ -7,7 +7,6 @@ spec: selfSigned: {} --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -19,7 +18,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -29,8 +28,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml index 03a3ff3f2..6847be5e5 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml @@ -11,7 +11,6 @@ data: tls.key: --- - apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -22,7 +21,6 @@ spec: secretName: -secret --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -34,7 +32,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -44,8 +42,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml index 1586047b4..f77a3df27 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml : | + karavi-metrics-powerflex.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml index c691412b3..4c3ce6e1d 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -24,7 +23,6 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -58,14 +56,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml : | + karavi-metrics-powermax.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -141,7 +136,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: { } + emptyDir: {} - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml index 408cd3d32..e9dabdfe4 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -37,7 +35,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -57,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml : | + karavi-metrics-powerscale.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -80,7 +76,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -91,7 +86,6 @@ data: CSI_LOG_LEVEL: debug --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -155,4 +149,3 @@ spec: name: -config-params restartPolicy: Always status: {} - diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml index 57a79e6a3..0ea0cc14b 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,7 +31,6 @@ metadata: namespace: karavi --- - apiVersion: v1 data: nginx.conf: |- @@ -39,9 +38,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -68,7 +67,6 @@ metadata: namespace: karavi --- - apiVersion: v1 kind: Service metadata: @@ -91,7 +89,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml index 375ba4c4c..67813d8c2 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml @@ -13,7 +13,6 @@ data: ZIPKIN_PROBABILITY: 0.0 --- - apiVersion: v1 kind: ServiceAccount metadata: @@ -21,7 +20,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -32,7 +30,6 @@ rules: verbs: ["list"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -47,7 +44,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -67,7 +63,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml index 9aa62cf3c..c72a1d50a 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml @@ -7,7 +7,6 @@ spec: selfSigned: {} --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -19,7 +18,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -29,8 +28,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml index 03a3ff3f2..6847be5e5 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml @@ -11,7 +11,6 @@ data: tls.key: --- - apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -22,7 +21,6 @@ spec: secretName: -secret --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -34,7 +32,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -44,8 +42,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml index 1586047b4..f77a3df27 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml : | + karavi-metrics-powerflex.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml index c691412b3..4c3ce6e1d 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -24,7 +23,6 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -58,14 +56,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml : | + karavi-metrics-powermax.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -77,7 +74,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -89,7 +85,6 @@ data: CSI_LOG_FORMAT: TEXT --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -141,7 +136,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: { } + emptyDir: {} - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml index 408cd3d32..e9dabdfe4 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml @@ -5,7 +5,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -22,7 +21,6 @@ rules: verbs: ["*"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -37,7 +35,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -57,14 +54,13 @@ spec: app.kubernetes.io/instance: karavi --- - apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml : | + karavi-metrics-powerscale.yaml: | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -80,7 +76,6 @@ data: LOG_FORMAT: --- - apiVersion: v1 kind: ConfigMap metadata: @@ -91,7 +86,6 @@ data: CSI_LOG_LEVEL: debug --- - apiVersion: apps/v1 kind: Deployment metadata: @@ -155,4 +149,3 @@ spec: name: -config-params restartPolicy: Always status: {} - diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml index 57a79e6a3..0ea0cc14b 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,7 +31,6 @@ metadata: namespace: karavi --- - apiVersion: v1 data: nginx.conf: |- @@ -39,9 +38,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -68,7 +67,6 @@ metadata: namespace: karavi --- - apiVersion: v1 kind: Service metadata: @@ -91,7 +89,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml index 375ba4c4c..67813d8c2 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml @@ -13,7 +13,6 @@ data: ZIPKIN_PROBABILITY: 0.0 --- - apiVersion: v1 kind: ServiceAccount metadata: @@ -21,7 +20,6 @@ metadata: namespace: karavi --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -32,7 +30,6 @@ rules: verbs: ["list"] --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -47,7 +44,6 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- - apiVersion: v1 kind: Service metadata: @@ -67,7 +63,6 @@ spec: app.kubernetes.io/instance: karavi-observability --- - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml index 9aa62cf3c..c72a1d50a 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml @@ -7,7 +7,6 @@ spec: selfSigned: {} --- - apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -19,7 +18,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -29,8 +28,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml index 204b2ed6e..c45bb6d02 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: -- name: replication-secret + - name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml index 33f4265af..2168fcea9 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml @@ -13,75 +13,78 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: - type: string - migrationGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + migrationGroupAttributes: + additionalProperties: + type: string + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: + DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -97,93 +100,128 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: + DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: + type: string + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: + type: string + type: object + remoteProtectionGroupId: type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: + requestParametersClass: type: string - type: object - remoteProtectionGroupId: - type: string - requestParametersClass: - type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: + DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: + description: LastAction - Stores the last updated action + properties: + condition: + description: + Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: + ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + type: array + lastAction: description: LastAction - Stores the last updated action properties: condition: - description: Condition is the last known condition of the Custom + description: + Condition is the last known condition of the Custom Resource type: string errorMessage: - description: ErrorMessage is the last error message associated + description: + ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -200,61 +238,38 @@ spec: type: string type: object type: object - type: array - lastAction: - description: LastAction - Stores the last updated action - properties: - condition: - description: Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: + ErrorMessage is the last error message associated + with the link state type: string - type: object - type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: State is the last reported state of the Replication - Link - type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: + LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: + State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml index aba283635..790f60de3 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml @@ -1,9 +1,9 @@ - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml index 204b2ed6e..c45bb6d02 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: -- name: replication-secret + - name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml index 33f4265af..2168fcea9 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml @@ -13,75 +13,78 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: - type: string - migrationGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + migrationGroupAttributes: + additionalProperties: + type: string + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: + DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -97,93 +100,128 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: + DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: + type: string + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: + type: string + type: object + remoteProtectionGroupId: type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: + requestParametersClass: type: string - type: object - remoteProtectionGroupId: - type: string - requestParametersClass: - type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: + DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: + description: LastAction - Stores the last updated action + properties: + condition: + description: + Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: + ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + type: array + lastAction: description: LastAction - Stores the last updated action properties: condition: - description: Condition is the last known condition of the Custom + description: + Condition is the last known condition of the Custom Resource type: string errorMessage: - description: ErrorMessage is the last error message associated + description: + ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -200,61 +238,38 @@ spec: type: string type: object type: object - type: array - lastAction: - description: LastAction - Stores the last updated action - properties: - condition: - description: Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: + ErrorMessage is the last error message associated + with the link state type: string - type: object - type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: State is the last reported state of the Replication - Link - type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: + LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: + State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml index aba283635..790f60de3 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml @@ -1,9 +1,9 @@ - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml index 204b2ed6e..c45bb6d02 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: -- name: replication-secret + - name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml index 33f4265af..2168fcea9 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml @@ -13,75 +13,78 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: - type: string - migrationGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + migrationGroupAttributes: + additionalProperties: + type: string + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: + DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -97,93 +100,128 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: + DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: + type: string + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: + type: string + type: object + remoteProtectionGroupId: type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: + requestParametersClass: type: string - type: object - remoteProtectionGroupId: - type: string - requestParametersClass: - type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: + DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: + description: LastAction - Stores the last updated action + properties: + condition: + description: + Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: + ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + type: array + lastAction: description: LastAction - Stores the last updated action properties: condition: - description: Condition is the last known condition of the Custom + description: + Condition is the last known condition of the Custom Resource type: string errorMessage: - description: ErrorMessage is the last error message associated + description: + ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -200,61 +238,38 @@ spec: type: string type: object type: object - type: array - lastAction: - description: LastAction - Stores the last updated action - properties: - condition: - description: Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: + ErrorMessage is the last error message associated + with the link state type: string - type: object - type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: State is the last reported state of the Replication - Link - type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: + LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: + State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml index aba283635..790f60de3 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml @@ -1,9 +1,9 @@ - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml index 204b2ed6e..c45bb6d02 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: -- name: replication-secret + - name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml index 33f4265af..2168fcea9 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml @@ -13,75 +13,78 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: - type: string - migrationGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + migrationGroupAttributes: + additionalProperties: + type: string + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: + DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -97,93 +100,128 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: + DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: + type: string + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: + type: string + type: object + remoteProtectionGroupId: type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: + requestParametersClass: type: string - type: object - remoteProtectionGroupId: - type: string - requestParametersClass: - type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: + DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: + description: LastAction - Stores the last updated action + properties: + condition: + description: + Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: + ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + type: array + lastAction: description: LastAction - Stores the last updated action properties: condition: - description: Condition is the last known condition of the Custom + description: + Condition is the last known condition of the Custom Resource type: string errorMessage: - description: ErrorMessage is the last error message associated + description: + ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -200,61 +238,38 @@ spec: type: string type: object type: object - type: array - lastAction: - description: LastAction - Stores the last updated action - properties: - condition: - description: Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: + ErrorMessage is the last error message associated + with the link state type: string - type: object - type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: State is the last reported state of the Replication - Link - type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: + LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: + State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml index aba283635..790f60de3 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml @@ -1,9 +1,9 @@ - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml index 204b2ed6e..c45bb6d02 100644 --- a/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: -- name: replication-secret + - name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] -- apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: -- nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: -- kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller + - kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml index 33f4265af..2168fcea9 100644 --- a/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml @@ -13,75 +13,78 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: - type: string - migrationGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + migrationGroupAttributes: + additionalProperties: + type: string + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: + DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -97,93 +100,128 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: + DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: + type: string + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: + type: string + type: object + remoteProtectionGroupId: type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: + requestParametersClass: type: string - type: object - remoteProtectionGroupId: - type: string - requestParametersClass: - type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: + DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: + description: LastAction - Stores the last updated action + properties: + condition: + description: + Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: + ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + type: array + lastAction: description: LastAction - Stores the last updated action properties: condition: - description: Condition is the last known condition of the Custom + description: + Condition is the last known condition of the Custom Resource type: string errorMessage: - description: ErrorMessage is the last error message associated + description: + ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -200,61 +238,38 @@ spec: type: string type: object type: object - type: array - lastAction: - description: LastAction - Stores the last updated action - properties: - condition: - description: Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: + ErrorMessage is the last error message associated + with the link state type: string - type: object - type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: State is the last reported state of the Replication - Link - type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: + LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: + State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml index aba283635..790f60de3 100644 --- a/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml @@ -1,9 +1,9 @@ - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - - apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] +- apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml index 1a2dcb872..2899728f4 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params \ No newline at end of file + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml index 30d70e0a8..48f66803c 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml index 785516292..90d5faaff 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powermax-config-params - mountPath: /powermax-config-params + mountPath: /powermax-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml index 7813dc9ac..b1adbeadc 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params \ No newline at end of file + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml index c73f0de1b..d3d60c7f2 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml index a0d1a135a..ecebd011e 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params \ No newline at end of file + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml index 9bd2db03f..d7606e711 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml index a5b98adef..f5f8cbbc0 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file + verbs: ["get", "watch", "list", "delete", "update", "create"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml index fe683a896..563989420 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params \ No newline at end of file + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml index 80706515f..d700dc9e1 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml index b7a1460ef..6d91c7b4b 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params \ No newline at end of file + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml index 73ab04230..d63cde6aa 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml index 4d13ff754..dbd4753a3 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params \ No newline at end of file + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml index 80bb7e5c6..d2d1129ab 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml index a5b98adef..f5f8cbbc0 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file + verbs: ["get", "watch", "list", "delete", "update", "create"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml index 7e6087e72..24c9db387 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params \ No newline at end of file + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml index 446399c32..6e15d6b47 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml index 0b82f0e3c..f67f72057 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params \ No newline at end of file + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml index 64ab93892..689fadbc1 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml index 1b30812ca..542c54980 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params \ No newline at end of file + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml index 4c1d8f3f5..c83d57fd7 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml index a5b98adef..f5f8cbbc0 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file + verbs: ["get", "watch", "list", "delete", "update", "create"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml index 67749c8f0..52f35af1a 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params \ No newline at end of file + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml index 21f5070f7..ba1797a67 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml index 4c8eb4f4a..fbb4343fa 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params \ No newline at end of file + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml index af7fdcb56..eba8ae213 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml index e47891d31..cd12cccca 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params \ No newline at end of file + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml index a4bfe9d7e..fb8753e75 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml index a5b98adef..f5f8cbbc0 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file + verbs: ["get", "watch", "list", "delete", "update", "create"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml index fc7b5d209..a1fe3b165 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params \ No newline at end of file + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml index aae9c2303..7c0621795 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml index dae17977e..b22871254 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params \ No newline at end of file + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml index cc03c334e..9e5b94583 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml index fef783c30..cdaccb84f 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params \ No newline at end of file + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml index 7fc0517d2..218cdb621 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml index a5b98adef..f5f8cbbc0 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file + verbs: ["get", "watch", "list", "delete", "update", "create"] diff --git a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml index f90b8b7a7..c04a8bea6 100644 --- a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml +++ b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml index f90b8b7a7..c04a8bea6 100644 --- a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml +++ b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml index f90b8b7a7..c04a8bea6 100644 --- a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml +++ b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/pkg/modules/testdata/cr_application_mobility.yaml b/pkg/modules/testdata/cr_application_mobility.yaml index f70bddf9c..28950f083 100644 --- a/pkg/modules/testdata/cr_application_mobility.yaml +++ b/pkg/modules/testdata/cr_application_mobility.yaml @@ -83,8 +83,8 @@ spec: name: cloud-creds # Specify the object store access credentials to be stored in a secret with key "cloud". secretContents: - aws_access_key_id: # Provide the access key id here - aws_secret_access_key: # provide the access key here + aws_access_key_id: # Provide the access key id here + aws_secret_access_key: # provide the access key here # Init containers to be added to the Velero deployment's pod spec. # If the value is a string then it is evaluated as a template. diff --git a/pkg/modules/testdata/cr_application_mobility_custom_region.yaml b/pkg/modules/testdata/cr_application_mobility_custom_region.yaml index 0f7f58e34..0cc2e5bc8 100644 --- a/pkg/modules/testdata/cr_application_mobility_custom_region.yaml +++ b/pkg/modules/testdata/cr_application_mobility_custom_region.yaml @@ -87,8 +87,8 @@ spec: name: cloud-creds # Specify the object store access credentials to be stored in a secret with key "cloud". secretContents: - aws_access_key_id: # Provide the access key id here - aws_secret_access_key: # provide the access key here + aws_access_key_id: # Provide the access key id here + aws_secret_access_key: # provide the access key here # Init containers to be added to the Velero deployment's pod spec. # If the value is a string then it is evaluated as a template. diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 4c2ff61ad..122666a43 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -42,7 +42,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -121,7 +121,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml index 0a6b9bb1a..a94da6673 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml @@ -52,7 +52,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -165,7 +165,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml index 4d3b986b6..dd37f895d 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml @@ -52,7 +52,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -165,7 +165,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powermax_resiliency.yaml b/pkg/modules/testdata/cr_powermax_resiliency.yaml index e7b757d9a..935d8926a 100644 --- a/pkg/modules/testdata/cr_powermax_resiliency.yaml +++ b/pkg/modules/testdata/cr_powermax_resiliency.yaml @@ -51,4 +51,3 @@ spec: - "--mode=node" - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" - "--driverPath=csi-powermax.dellemc.com" - diff --git a/samples/authorization/csm-authorization_csmtenant.yaml b/samples/authorization/csm-authorization_csmtenant.yaml index c6f25183f..7e46d1ec0 100644 --- a/samples/authorization/csm-authorization_csmtenant.yaml +++ b/samples/authorization/csm-authorization_csmtenant.yaml @@ -13,6 +13,6 @@ spec: roles: role1,role2 approveSdc: false revoke: false - # This prefix is added for each new volume provisioned by the tenant. + # This prefix is added for each new volume provisioned by the tenant. # It should not exceed 3 characters. Example: tn1 volumePrefix: tn1 diff --git a/samples/authorization/csm_authorization_proxy_server_v190.yaml b/samples/authorization/csm_authorization_proxy_server_v190.yaml index 172dfe224..f6a301db3 100644 --- a/samples/authorization/csm_authorization_proxy_server_v190.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v190.yaml @@ -12,69 +12,69 @@ spec: configVersion: v1.9.0 forceRemoveModule: true components: + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true - # For Kubernetes Container Platform only - # enabled: Enable/Disable NGINX Ingress Controller - # Allowed values: - # true: enable deployment of NGINX Ingress Controller - # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section - # Default value: true - - name: nginx - enabled: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - - name: cert-manager - enabled: true + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v1.9.0 + tenantService: dellemc/csm-authorization-tenant:v1.9.0 + roleService: dellemc/csm-authorization-role:v1.9.0 + storageService: dellemc/csm-authorization-storage:v1.9.0 + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 - - name: proxy-server - # enable: Enable/Disable csm-authorization proxy server - enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.9.0 - tenantService: dellemc/csm-authorization-tenant:v1.9.0 - roleService: dellemc/csm-authorization-role:v1.9.0 - storageService: dellemc/csm-authorization-storage:v1.9.0 - opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" - # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" - # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" + # base hostname for the ingress rules that expose the services + # the proxy-server ingress will use this hostname + # Allowed values: string + # Default value: csm-authorization.com + hostname: "csm-authorization.com" - # base hostname for the ingress rules that expose the services - # the proxy-server ingress will use this hostname - # Allowed values: string - # Default value: csm-authorization.com - hostname: "csm-authorization.com" - - # proxy-server ingress configuration - proxyServerIngress: - - ingressClassName: nginx + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx - # additional host rules for the proxy-server ingress - hosts: [] - # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + # additional host rules for the proxy-server ingress + hosts: + [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local - # additional annotations for the proxy-server ingress - annotations: {} + # additional annotations for the proxy-server ingress + annotations: {} - - name: redis - redis: redis:6.0.8-alpine - commander: rediscommander/redis-commander:latest - # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis - # to use a different storage class for redis, specify the name of the storage class - # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization - # Default value: None - storageclass: "" + - name: redis + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis + # to use a different storage class for redis, specify the name of the storage class + # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization + # Default value: None + storageclass: "" --- apiVersion: v1 diff --git a/samples/authorization/csm_authorization_proxy_server_v191.yaml b/samples/authorization/csm_authorization_proxy_server_v191.yaml index 97c6fea25..2d805dcbc 100644 --- a/samples/authorization/csm_authorization_proxy_server_v191.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v191.yaml @@ -12,69 +12,69 @@ spec: configVersion: v1.9.1 forceRemoveModule: true components: + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true - # For Kubernetes Container Platform only - # enabled: Enable/Disable NGINX Ingress Controller - # Allowed values: - # true: enable deployment of NGINX Ingress Controller - # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section - # Default value: true - - name: nginx - enabled: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - - name: cert-manager - enabled: true + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v1.9.1 + tenantService: dellemc/csm-authorization-tenant:v1.9.1 + roleService: dellemc/csm-authorization-role:v1.9.1 + storageService: dellemc/csm-authorization-storage:v1.9.1 + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 - - name: proxy-server - # enable: Enable/Disable csm-authorization proxy server - enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.9.1 - tenantService: dellemc/csm-authorization-tenant:v1.9.1 - roleService: dellemc/csm-authorization-role:v1.9.1 - storageService: dellemc/csm-authorization-storage:v1.9.1 - opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" - # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" - # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" + # base hostname for the ingress rules that expose the services + # the proxy-server ingress will use this hostname + # Allowed values: string + # Default value: csm-authorization.com + hostname: "csm-authorization.com" - # base hostname for the ingress rules that expose the services - # the proxy-server ingress will use this hostname - # Allowed values: string - # Default value: csm-authorization.com - hostname: "csm-authorization.com" - - # proxy-server ingress configuration - proxyServerIngress: - - ingressClassName: nginx + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx - # additional host rules for the proxy-server ingress - hosts: [] - # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + # additional host rules for the proxy-server ingress + hosts: + [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local - # additional annotations for the proxy-server ingress - annotations: {} + # additional annotations for the proxy-server ingress + annotations: {} - - name: redis - redis: redis:6.0.8-alpine - commander: rediscommander/redis-commander:latest - # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis - # to use a different storage class for redis, specify the name of the storage class - # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization - # Default value: None - storageclass: "" + - name: redis + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis + # to use a different storage class for redis, specify the name of the storage class + # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization + # Default value: None + storageclass: "" --- apiVersion: v1 diff --git a/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml b/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml index ee8b42756..eeb18bdaa 100644 --- a/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml @@ -70,7 +70,8 @@ spec: - ingressClassName: nginx # additional host rules for the proxy-server ingress - hosts: [] + hosts: + [] # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local # additional annotations for the proxy-server ingress diff --git a/samples/csireverseproxy/config.yaml b/samples/csireverseproxy/config.yaml index 8d82e0117..87056d28e 100644 --- a/samples/csireverseproxy/config.yaml +++ b/samples/csireverseproxy/config.yaml @@ -23,7 +23,7 @@ standAloneConfig: storageArrays: - storageArrayId: "000000000001" # arrayID primaryURL: https://primary-1.unisphe.re:8443 # primary unisphere for arrayID - backupURL: https://backup-1.unisphe.re:8443 # backup unisphere for arrayID + backupURL: https://backup-1.unisphe.re:8443 # backup unisphere for arrayID proxyCredentialSecrets: - proxy-secret-11 # credential secret for primary unisphere, e.g., powermax-creds - proxy-secret-12 # credential secret for backup unisphere, e.g., powermax-creds @@ -47,4 +47,4 @@ standAloneConfig: - url: https://backup-2.unisphe.re:8443 arrayCredentialSecret: backup-2-secret skipCertificateValidation: false - certSecret: primary-certs \ No newline at end of file + certSecret: primary-certs diff --git a/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml b/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml index 6891adc32..ac581f988 100644 --- a/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml +++ b/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml @@ -64,7 +64,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -178,7 +178,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization @@ -403,4 +403,4 @@ spec: # Below 3 args should not be modified. - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" - "--mode=node" - - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" \ No newline at end of file + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml b/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml index 26c16776d..3784931aa 100644 --- a/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml +++ b/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml @@ -213,4 +213,4 @@ spec: - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" - "--mode=node" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - - "--driverPath=csi-powerstore.dellemc.com" \ No newline at end of file + - "--driverPath=csi-powerstore.dellemc.com" diff --git a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml index a7b08c4a2..735a96a65 100644 --- a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml +++ b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml @@ -165,4 +165,4 @@ spec: # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" - # effect: "NoSchedule" \ No newline at end of file + # effect: "NoSchedule" diff --git a/samples/storage_csm_powerflex_v2101.yaml b/samples/storage_csm_powerflex_v2101.yaml index 191600834..7ef9ec5b0 100644 --- a/samples/storage_csm_powerflex_v2101.yaml +++ b/samples/storage_csm_powerflex_v2101.yaml @@ -43,7 +43,7 @@ spec: value: "false" sideCars: - # 'k8s' represents a string prepended to each volume created by the CSI driver + # 'k8s' represents a string prepended to each volume created by the CSI driver - name: provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 args: ["--volume-name-prefix=k8s"] @@ -58,18 +58,18 @@ spec: - name: csi-metadata-retriever image: dellemc/csi-metadata-retriever:v1.7.3 - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -122,7 +122,6 @@ spec: node: envs: - # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -162,8 +161,6 @@ spec: - name: X_CSI_MAX_VOLUMES_PER_NODE value: "0" - - # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset # Leave as blank to use all nodes # Allowed values: map of key-value pairs @@ -193,7 +190,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC @@ -202,16 +199,16 @@ spec: enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # observability: allows to configure observability - name: observability @@ -337,52 +334,52 @@ spec: enabled: false configVersion: v1.8.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.8.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerflex" + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" - name: resiliency # enabled: Enable/Disable Resiliency feature diff --git a/samples/storage_csm_powermax_v2101.yaml b/samples/storage_csm_powermax_v2101.yaml index c7133262f..41cc04869 100644 --- a/samples/storage_csm_powermax_v2101.yaml +++ b/samples/storage_csm_powermax_v2101.yaml @@ -226,7 +226,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity @@ -243,42 +243,42 @@ spec: forceRemoveModule: true configVersion: v2.9.1 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy - # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:v2.9.1 - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "true" + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:v2.9.1 + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "true" # Authorization: enable csm-authorization for RBAC - name: authorization # enabled: Enable/Disable csm-authorization enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # Replication: allows configuring replication module # Replication CRDs must be installed before installing driver @@ -291,52 +291,52 @@ spec: enabled: false configVersion: v1.8.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.8.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: powermax - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powermax" + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powermax + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powermax" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability diff --git a/samples/storage_csm_powermax_v291.yaml b/samples/storage_csm_powermax_v291.yaml index c8756faf2..d755336e5 100644 --- a/samples/storage_csm_powermax_v291.yaml +++ b/samples/storage_csm_powermax_v291.yaml @@ -215,7 +215,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" @@ -231,42 +231,42 @@ spec: forceRemoveModule: true configVersion: v2.8.1 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy - # Default value: None - # Example: "csipowermax-reverseproxy:v2.8.1" - image: dellemc/csipowermax-reverseproxy:v2.8.1 - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "true" + # Example: "csipowermax-reverseproxy:v2.8.1" + image: dellemc/csipowermax-reverseproxy:v2.8.1 + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "true" # Authorization: enable csm-authorization for RBAC - name: authorization # enabled: Enable/Disable csm-authorization enabled: false configVersion: v1.9.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # Replication: allows configuring replication module # Replication CRDs must be installed before installing driver @@ -279,52 +279,52 @@ spec: enabled: false configVersion: v1.7.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.7.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: powermax - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powermax" + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powermax + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powermax" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + image: dellemc/dell-replication-controller:v1.7.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability diff --git a/samples/storage_csm_powerscale_v2101.yaml b/samples/storage_csm_powerscale_v2101.yaml index 62b2551cb..7c788538e 100644 --- a/samples/storage_csm_powerscale_v2101.yaml +++ b/samples/storage_csm_powerscale_v2101.yaml @@ -119,54 +119,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -188,38 +188,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -280,16 +280,16 @@ spec: enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -302,53 +302,53 @@ spec: enabled: false configVersion: v1.8.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.8.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability @@ -399,11 +399,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false enabled: false - name: metrics-powerscale diff --git a/samples/storage_csm_powerscale_v291.yaml b/samples/storage_csm_powerscale_v291.yaml index df8460eae..7255821b7 100644 --- a/samples/storage_csm_powerscale_v291.yaml +++ b/samples/storage_csm_powerscale_v291.yaml @@ -125,54 +125,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -194,38 +194,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -293,16 +293,16 @@ spec: enabled: false configVersion: v1.9.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -315,53 +315,53 @@ spec: enabled: false configVersion: v1.7.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.7.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + image: dellemc/dell-replication-controller:v1.7.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability @@ -412,11 +412,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false enabled: false - name: metrics-powerscale diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index 1684fc179..e0d432e39 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -122,8 +122,7 @@ spec: runAsUser: 1001 containers: - name: connectivity-client-docker-k8s - securityContext: - {} + securityContext: {} image: "" imagePullPolicy: IfNotPresent args: @@ -200,7 +199,7 @@ spec: - name: kubernetes-proxy image: "" imagePullPolicy: IfNotPresent - command: [ "kubectl" ] + command: ["kubectl"] args: - "proxy" - "--port=8001" @@ -229,7 +228,12 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: ['sh', '-c', "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] + command: + [ + "sh", + "-c", + "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", + ] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml index 8e868cb1a..65534de17 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml @@ -122,8 +122,7 @@ spec: runAsUser: 1001 containers: - name: connectivity-client-docker-k8s - securityContext: - {} + securityContext: {} image: "" imagePullPolicy: IfNotPresent args: @@ -200,7 +199,7 @@ spec: - name: kubernetes-proxy image: "" imagePullPolicy: IfNotPresent - command: [ "kubectl" ] + command: ["kubectl"] args: - "proxy" - "--port=8001" @@ -229,7 +228,12 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: ['sh', '-c', "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] + command: + [ + "sh", + "-c", + "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", + ] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/tests/config/clientconfig/badclient/badClient/bad.yaml b/tests/config/clientconfig/badclient/badClient/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/clientconfig/badclient/badClient/bad.yaml +++ b/tests/config/clientconfig/badclient/badClient/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/badclient/statefulset.yaml b/tests/config/clientconfig/badclient/statefulset.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/clientconfig/badclient/statefulset.yaml +++ b/tests/config/clientconfig/badclient/statefulset.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml b/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml +++ b/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml b/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml +++ b/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml b/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml index 55d520672..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml @@ -1,5 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml - \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml index 55d520672..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml @@ -1,5 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml - \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml b/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml index 55d520672..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml @@ -1,5 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml - \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml index 55d520672..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml @@ -1,5 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml - \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml b/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml index 55d520672..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml @@ -1,5 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml - \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml index 55d520672..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml @@ -1,5 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml - \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml b/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml b/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml index 155ec5e3f..67a493dab 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml index 060d7ead6..1646835ff 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT \ No newline at end of file + CSI_LOG_FORMAT: TEXT diff --git a/tests/config/driverconfig/powerflex/v2.10.0/node.yaml b/tests/config/driverconfig/powerflex/v2.10.0/node.yaml index 4f781e1c1..6cd9ab702 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml b/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml b/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml index f0a353a03..f747ae20b 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml index 060d7ead6..1646835ff 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT \ No newline at end of file + CSI_LOG_FORMAT: TEXT diff --git a/tests/config/driverconfig/powerflex/v2.10.1/node.yaml b/tests/config/driverconfig/powerflex/v2.10.1/node.yaml index f9dcbad91..80a667018 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml b/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml b/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml index 71b57e9fc..3de2521e6 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.11.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml index 060d7ead6..1646835ff 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT \ No newline at end of file + CSI_LOG_FORMAT: TEXT diff --git a/tests/config/driverconfig/powerflex/v2.11.0/node.yaml b/tests/config/driverconfig/powerflex/v2.11.0/node.yaml index 2d9a3aac8..d619d55e5 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.11.0 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml b/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml b/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml index d3c1242d0..25c4609a7 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml index 9fdb2dfa0..b030dbdf2 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml index 060d7ead6..1646835ff 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT \ No newline at end of file + CSI_LOG_FORMAT: TEXT diff --git a/tests/config/driverconfig/powerflex/v2.9.1/node.yaml b/tests/config/driverconfig/powerflex/v2.9.1/node.yaml index b6070724b..f9d4f2484 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-vxflexos.sh" ] + command: ["/csi-vxflexos.sh"] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powermax/v2.10.0/bad.yaml b/tests/config/driverconfig/powermax/v2.10.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.10.0/controller.yaml b/tests/config/driverconfig/powermax/v2.10.0/controller.yaml index ade0cf06b..e5808f056 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -321,6 +321,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml index fcbf5531e..57491cb93 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.10.0/node.yaml b/tests/config/driverconfig/powermax/v2.10.0/node.yaml index 2e2ea39c4..5c4b3e19e 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powermax/v2.10.1/bad.yaml b/tests/config/driverconfig/powermax/v2.10.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.10.1/controller.yaml b/tests/config/driverconfig/powermax/v2.10.1/controller.yaml index acc22df8c..ef4d20fde 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -323,6 +323,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml index fcbf5531e..57491cb93 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.10.1/node.yaml b/tests/config/driverconfig/powermax/v2.10.1/node.yaml index cd138b569..bd96454dd 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powermax/v2.11.0/bad.yaml b/tests/config/driverconfig/powermax/v2.11.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.11.0/controller.yaml b/tests/config/driverconfig/powermax/v2.11.0/controller.yaml index 5e43f3c78..86a2240c4 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.11.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -321,6 +321,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml index fcbf5531e..57491cb93 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.11.0/node.yaml b/tests/config/driverconfig/powermax/v2.11.0/node.yaml index 9dbc51be1..73ab45480 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powermax/v2.9.1/bad.yaml b/tests/config/driverconfig/powermax/v2.9.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.9.1/controller.yaml b/tests/config/driverconfig/powermax/v2.9.1/controller.yaml index d4b5181a3..9db59746a 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powermax.sh" ] + command: ["/csi-powermax.sh"] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -321,6 +321,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml index fcbf5531e..57491cb93 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.9.1/node.yaml b/tests/config/driverconfig/powermax/v2.9.1/node.yaml index 1442004bc..6bbb4d89f 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml b/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml index 44ff5ed14..568a8e84a 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml index a55f2843f..d5bbcf27b 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.10.0/node.yaml b/tests/config/driverconfig/powerscale/v2.10.0/node.yaml index acb7e4692..17334c578 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml b/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml b/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml index f05a9bdf9..2b801d7df 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml index a55f2843f..d5bbcf27b 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.10.1/node.yaml b/tests/config/driverconfig/powerscale/v2.10.1/node.yaml index 0ca8799c6..178ab87c2 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml b/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml index 90e951fbd..3c66dc3f4 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.11.0 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml index a55f2843f..d5bbcf27b 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.11.0/node.yaml b/tests/config/driverconfig/powerscale/v2.11.0/node.yaml index fc9309365..a02595a90 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml b/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml index 46c3cd628..3bba1b4f5 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.8.0 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml index a55f2843f..d5bbcf27b 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.9.0/node.yaml b/tests/config/driverconfig/powerscale/v2.9.0/node.yaml index cc30533c3..7b4f005c3 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml b/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml index f90b8b7a7..c04a8bea6 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml b/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml index 1fed6ca02..e9ce597f4 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-isilon" ] + command: ["/csi-isilon"] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -305,4 +305,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml index a55f2843f..d5bbcf27b 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.9.1/node.yaml b/tests/config/driverconfig/powerscale/v2.9.1/node.yaml index 9ffcb36f1..3210f4875 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: [ "security.openshift.io" ] - resourceNames: [ "privileged" ] - resources: [ "securitycontextconstraints" ] - verbs: [ "use" ] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml b/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml index a85d0f248..f35ca024d 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml b/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml index 4325897fc..fdea6ddcb 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml index 94ce0ee14..7b27ad979 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" \ No newline at end of file + CSI_LOG_FORMAT: "JSON" diff --git a/tests/config/driverconfig/powerstore/v2.10.0/node.yaml b/tests/config/driverconfig/powerstore/v2.10.0/node.yaml index 9074f5732..24e8abeff 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.0 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory \ No newline at end of file + type: Directory diff --git a/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml index a85d0f248..f35ca024d 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml index 14e455317..c908ba7fd 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml index 94ce0ee14..7b27ad979 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" \ No newline at end of file + CSI_LOG_FORMAT: "JSON" diff --git a/tests/config/driverconfig/powerstore/v2.10.1/node.yaml b/tests/config/driverconfig/powerstore/v2.10.1/node.yaml index a8cb341fd..3a1b1523c 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.1 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory \ No newline at end of file + type: Directory diff --git a/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml b/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml index a85d0f248..f35ca024d 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml b/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml index 6937e2c84..4fe2d8ea4 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.11.0 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml index 94ce0ee14..7b27ad979 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" \ No newline at end of file + CSI_LOG_FORMAT: "JSON" diff --git a/tests/config/driverconfig/powerstore/v2.11.0/node.yaml b/tests/config/driverconfig/powerstore/v2.11.0/node.yaml index 4e354ea21..7f24580b8 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.11.0 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory \ No newline at end of file + type: Directory diff --git a/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml index a85d0f248..f35ca024d 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml index 65f408104..b2a3077b8 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.11.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml index 94ce0ee14..7b27ad979 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" \ No newline at end of file + CSI_LOG_FORMAT: "JSON" diff --git a/tests/config/driverconfig/powerstore/v2.11.1/node.yaml b/tests/config/driverconfig/powerstore/v2.11.1/node.yaml index b76231685..12f8c1d69 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.11.1 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory \ No newline at end of file + type: Directory diff --git a/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml index a85d0f248..f35ca024d 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml \ No newline at end of file +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml index 41abb750c..9962a0bf8 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml @@ -49,7 +49,8 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + resources: + ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -122,13 +123,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -225,7 +226,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.9.1 imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -267,4 +268,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config \ No newline at end of file + secretName: -config diff --git a/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml index 1d6b34780..0f1b9547f 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral \ No newline at end of file + - Ephemeral diff --git a/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml index 94ce0ee14..7b27ad979 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" \ No newline at end of file + CSI_LOG_FORMAT: "JSON" diff --git a/tests/config/driverconfig/powerstore/v2.9.1/node.yaml b/tests/config/driverconfig/powerstore/v2.9.1/node.yaml index 96c0bacda..6d7b43067 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.9.1 - imagePullPolicy: IfNotPresent - command: [ "/csi-powerstore" ] + imagePullPolicy: IfNotPresent + command: ["/csi-powerstore"] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory \ No newline at end of file + type: Directory diff --git a/tests/config/driverconfig/unity/v2.10.0/bad.yaml b/tests/config/driverconfig/unity/v2.10.0/bad.yaml index 89aaa9556..f35ca024d 100644 --- a/tests/config/driverconfig/unity/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.10.0/controller.yaml b/tests/config/driverconfig/unity/v2.10.0/controller.yaml index 71c75df44..de8c2eb41 100644 --- a/tests/config/driverconfig/unity/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml b/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/tests/config/driverconfig/unity/v2.10.0/node.yaml b/tests/config/driverconfig/unity/v2.10.0/node.yaml index 7de3cced1..69466603f 100644 --- a/tests/config/driverconfig/unity/v2.10.0/node.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.1/bad.yaml b/tests/config/driverconfig/unity/v2.10.1/bad.yaml index 89aaa9556..f35ca024d 100644 --- a/tests/config/driverconfig/unity/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.10.1/controller.yaml b/tests/config/driverconfig/unity/v2.10.1/controller.yaml index 463fe2381..4fda23e47 100644 --- a/tests/config/driverconfig/unity/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/tests/config/driverconfig/unity/v2.10.1/node.yaml b/tests/config/driverconfig/unity/v2.10.1/node.yaml index 7de3cced1..69466603f 100644 --- a/tests/config/driverconfig/unity/v2.10.1/node.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.0/bad.yaml b/tests/config/driverconfig/unity/v2.11.0/bad.yaml index 89aaa9556..f35ca024d 100644 --- a/tests/config/driverconfig/unity/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.11.0/controller.yaml b/tests/config/driverconfig/unity/v2.11.0/controller.yaml index 591d51b25..1cd0d1a42 100644 --- a/tests/config/driverconfig/unity/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml b/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/tests/config/driverconfig/unity/v2.11.0/node.yaml b/tests/config/driverconfig/unity/v2.11.0/node.yaml index bccf645f9..a350652e8 100644 --- a/tests/config/driverconfig/unity/v2.11.0/node.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.1/bad.yaml b/tests/config/driverconfig/unity/v2.11.1/bad.yaml index 0e37cfa82..cf27dd5bf 100644 --- a/tests/config/driverconfig/unity/v2.11.1/bad.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.11.1/controller.yaml b/tests/config/driverconfig/unity/v2.11.1/controller.yaml index c6d0f57a9..f6d507f25 100644 --- a/tests/config/driverconfig/unity/v2.11.1/controller.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/tests/config/driverconfig/unity/v2.11.1/node.yaml b/tests/config/driverconfig/unity/v2.11.1/node.yaml index bccf645f9..a350652e8 100644 --- a/tests/config/driverconfig/unity/v2.11.1/node.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.9.1/bad.yaml b/tests/config/driverconfig/unity/v2.9.1/bad.yaml index 89aaa9556..f35ca024d 100644 --- a/tests/config/driverconfig/unity/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga - is +is - 843*&(*(% invalid YAml +843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.9.1/controller.yaml b/tests/config/driverconfig/unity/v2.9.1/controller.yaml index 0b55df66e..e74471cbd 100644 --- a/tests/config/driverconfig/unity/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update","patch"] + verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] -# below for snapshotter + # below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml index 1ef295e21..dbc2496ab 100644 --- a/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType diff --git a/tests/config/driverconfig/unity/v2.9.1/node.yaml b/tests/config/driverconfig/unity/v2.9.1/node.yaml index 7de3cced1..69466603f 100644 --- a/tests/config/driverconfig/unity/v2.9.1/node.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml index de8ebbfd3..e88168225 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml @@ -44,20 +44,20 @@ spec: value: "" - name: X_CSI_QUOTA_ENABLED value: "false" - + sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.2.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -103,7 +103,6 @@ spec: node: envs: - # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -162,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -172,87 +171,86 @@ spec: configVersion: v1.0.3 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: dellemc/csm-application-mobility-controller:v1.0.3 - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: dellemc/csm-application-mobility-controller:v1.0.3 + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.10.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" - - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.10.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: dellemc/csm-application-mobility-velero-plugin:v1.0.3 - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.6.2 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:7be1bef8d72f9916e6f0614d1b0a8c9559c8937f3d343780b22441c2efed314e \ No newline at end of file + - name: dell-custom-velero-plugin + image: dellemc/csm-application-mobility-velero-plugin:v1.0.3 + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.6.2 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:7be1bef8d72f9916e6f0614d1b0a8c9559c8937f3d343780b22441c2efed314e diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml index 0a8152aa4..4026a7712 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,90 +171,86 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" - - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: false - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: false - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: false - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: false + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: false + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc - - - + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml index 9ea8cafd9..0bd5e4df2 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml @@ -2,7 +2,7 @@ apiVersion: storage.dell.com/v1 kind: ContainerStorageModule metadata: name: application-mobility - namespace: test-vxflexos + namespace: test-vxflexos spec: modules: # Application Mobility: enable csm-application-mobility module @@ -12,88 +12,87 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: true - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" - - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: true + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" - - # Name of the backup storage url - # This field has to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - #If velero is not already present in cluster, set createWithInstall to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console - aws_secret_access_key: console123 - + # Name of the backup storage url + # This field has to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" + + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" + + #If velero is not already present in cluster, set createWithInstall to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console + aws_secret_access_key: console123 # Init containers to be added to the Velero deployment's pod spec. # If the value is a string then it is evaluated as a template. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + #initContainer image for the configuration provider aws + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml index eb572f3ec..4e894f97d 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,90 +171,86 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" - - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc - - - + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml index 5cef645bf..a889e47ba 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,90 +171,86 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: Always - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "2" - - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: false - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: true - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: Always + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "2" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_ALT_BUCKET_NAME" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: true + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_ALT_BUCKET_NAME" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "alt-cloud-creds" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: false - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "alt-cloud-creds" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: false + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc - - - + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc diff --git a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml index 0b1df9950..f7f2b5a3e 100644 --- a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml @@ -44,20 +44,20 @@ spec: value: "" - name: X_CSI_QUOTA_ENABLED value: "false" - + sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.2.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -103,7 +103,6 @@ spec: node: envs: - # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -162,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -172,90 +171,86 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" - - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc - - - + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc diff --git a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml index cce702a88..0bd3f9acb 100644 --- a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml @@ -1,4 +1,3 @@ - # values file for installing velero # will be used to test operator behavior when velero is installed already (not technically supported config) @@ -17,9 +16,8 @@ image: tag: v1.14.0 pullPolicy: IfNotPresent - credentials: - useSecret: true + useSecret: true name: existing-cloud-creds secretContents: cloud: | @@ -27,7 +25,6 @@ credentials: aws_access_key_id=console aws_secret_access_key=console123 - configuration: # Cloud provider being used (e.g. aws, azure, gcp). @@ -36,11 +33,8 @@ configuration: provider: aws bucket: REPLACE_BUCKET_NAME default: true - config: { - region: minio, - s3ForcePathStyle: true, - s3Url: http://REPLACE_S3URL - } + config: + { region: minio, s3ForcePathStyle: true, s3Url: http://REPLACE_S3URL } volumeSnapshotLocation: - name: default @@ -50,10 +44,10 @@ initContainers: - name: dell-custom-velero-plugin image: REPLACE_PLUGIN_IMAGE volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: velero-plugin-for-aws image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins diff --git a/tests/e2e/testfiles/appmob-values.yaml b/tests/e2e/testfiles/appmob-values.yaml index 36bfe76b2..a21788761 100644 --- a/tests/e2e/testfiles/appmob-values.yaml +++ b/tests/e2e/testfiles/appmob-values.yaml @@ -151,4 +151,3 @@ name: verify app-mobility run: - sh verify-app-mobility.sh - diff --git a/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml b/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml index 0fedf9f7d..048bc1e26 100644 --- a/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml @@ -12,7 +12,6 @@ spec: pollInterval: 30s --- - apiVersion: csm-authorization.storage.dell.com/v1alpha1 kind: CSMRole metadata: @@ -30,7 +29,6 @@ spec: pool: "REPLACE_STORAGE_POOL_PATH" --- - apiVersion: csm-authorization.storage.dell.com/v1alpha1 kind: CSMTenant metadata: diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml index 8c885df97..bf6a720d7 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml @@ -14,125 +14,126 @@ spec: singular: csmrole scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMRole is the Schema for the csmroles API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMRoleSpec defines the desired state of CSMRole - properties: - pool: - type: string - quota: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - systemID: - type: string - systemType: - type: string - type: object - status: - description: CSMRoleStatus defines the observed state of CSMRole - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMRole is the Schema for the csmroles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMRoleSpec defines the desired state of CSMRole + properties: + pool: + type: string + quota: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + systemID: + type: string + systemType: + type: string + type: object + status: + description: CSMRoleStatus defines the observed state of CSMRole + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -149,129 +150,130 @@ spec: singular: csmtenant scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMTenant is the Schema for the csmtenants API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMTenantSpec defines the desired state of CSMTenant - properties: - approveSdc: - type: boolean - revoke: - type: boolean - roles: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - volumePrefix: - maxLength: 3 - minLength: 1 - type: string - required: - - approveSdc - - revoke - type: object - status: - description: CSMTenantStatus defines the observed state of CSMTenant - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMTenant is the Schema for the csmtenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMTenantSpec defines the desired state of CSMTenant + properties: + approveSdc: + type: boolean + revoke: + type: boolean + roles: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + volumePrefix: + maxLength: 3 + minLength: 1 + type: string + required: + - approveSdc + - revoke + type: object + status: + description: CSMTenantStatus defines the observed state of CSMTenant + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -288,128 +290,130 @@ spec: singular: storage scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Storage is the Schema for the storages API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: StorageSpec defines the desired state of Storage - properties: - credentialPath: - type: string - credentialStore: - type: string - endpoint: - type: string - pollInterval: - type: string - skipCertificateValidation: - type: boolean - systemID: - type: string - type: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - required: - - skipCertificateValidation - type: object - status: - description: StorageStatus defines the observed state of Storage - properties: - conditions: - description: 'Storage.status.conditions.type are: "Available", "NotAvailable", - and "UnKnown"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Storage is the Schema for the storages API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: StorageSpec defines the desired state of Storage + properties: + credentialPath: + type: string + credentialStore: + type: string + endpoint: + type: string + pollInterval: + type: string + skipCertificateValidation: + type: boolean + systemID: + type: string + type: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + required: + - skipCertificateValidation + type: object + status: + description: StorageStatus defines the observed state of Storage + properties: + conditions: + description: + 'Storage.status.conditions.type are: "Available", "NotAvailable", + and "UnKnown"' + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml index 2a9d0fffa..ada8ee2a1 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml @@ -15,7 +15,7 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Delete storageClassName: local-storage hostPath: diff --git a/tests/e2e/testfiles/cert-manager-crds.yaml b/tests/e2e/testfiles/cert-manager-crds.yaml index 0ea3f19b0..60163e264 100644 --- a/tests/e2e/testfiles/cert-manager-crds.yaml +++ b/tests/e2e/testfiles/cert-manager-crds.yaml @@ -23,9 +23,9 @@ kind: CustomResourceDefinition metadata: name: clusterissuers.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -62,10 +62,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -101,7 +101,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' + description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." type: string enum: - HS256 @@ -120,7 +120,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -136,16 +136,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' + description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." type: boolean solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' + description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -172,7 +172,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string host: type: string @@ -195,7 +195,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -207,7 +207,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -219,7 +219,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string serviceConsumerDomain: type: string @@ -243,7 +243,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -296,14 +296,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." type: object required: - name @@ -312,7 +312,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -324,7 +324,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string email: description: Email of the account, only required when using API key based authentication. @@ -351,7 +351,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -363,7 +363,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -378,7 +378,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -387,10 +387,10 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -399,7 +399,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -411,7 +411,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -420,7 +420,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -452,7 +452,7 @@ spec: additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -1022,7 +1022,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: object additionalProperties: type: string @@ -1141,7 +1141,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -1166,7 +1166,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -1178,7 +1178,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -1194,7 +1194,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -1227,7 +1227,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -1250,7 +1250,7 @@ spec: - name properties: name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -1318,9 +1318,9 @@ kind: CustomResourceDefinition metadata: name: challenges.acme.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -1360,10 +1360,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -1401,7 +1401,7 @@ spec: description: Name of the resource being referred to. type: string key: - description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content.' + description: "The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content." type: string solver: description: Contains the domain solving configuration that should be used to solve this challenge resource. @@ -1428,7 +1428,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string host: type: string @@ -1451,7 +1451,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1463,7 +1463,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1475,7 +1475,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string serviceConsumerDomain: type: string @@ -1499,7 +1499,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -1552,14 +1552,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." type: object required: - name @@ -1568,7 +1568,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -1580,7 +1580,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string email: description: Email of the account, only required when using API key based authentication. @@ -1607,7 +1607,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -1619,7 +1619,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -1634,7 +1634,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -1643,10 +1643,10 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -1655,7 +1655,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -1667,7 +1667,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -1676,7 +1676,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -1708,7 +1708,7 @@ spec: additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -2278,7 +2278,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: object additionalProperties: type: string @@ -2382,9 +2382,9 @@ kind: CustomResourceDefinition metadata: name: certificaterequests.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2436,10 +2436,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -2582,9 +2582,9 @@ kind: CustomResourceDefinition metadata: name: issuers.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2621,10 +2621,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -2660,7 +2660,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' + description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." type: string enum: - HS256 @@ -2679,7 +2679,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -2695,16 +2695,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' + description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." type: boolean solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' + description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -2731,7 +2731,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string host: type: string @@ -2754,7 +2754,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2766,7 +2766,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2778,7 +2778,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string serviceConsumerDomain: type: string @@ -2802,7 +2802,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -2855,14 +2855,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." type: object required: - name @@ -2871,7 +2871,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -2883,7 +2883,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string email: description: Email of the account, only required when using API key based authentication. @@ -2910,7 +2910,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -2922,7 +2922,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -2937,7 +2937,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -2946,10 +2946,10 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -2958,7 +2958,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -2970,7 +2970,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" type: object required: - name @@ -2979,7 +2979,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -3011,7 +3011,7 @@ spec: additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -3581,7 +3581,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" type: object additionalProperties: type: string @@ -3700,7 +3700,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -3725,7 +3725,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -3737,7 +3737,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -3753,7 +3753,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -3786,7 +3786,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -3809,7 +3809,7 @@ spec: - name properties: name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -3877,9 +3877,9 @@ kind: CustomResourceDefinition metadata: name: certificates.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -3926,10 +3926,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -3956,7 +3956,7 @@ spec: - DER - CombinedPEM commonName: - description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' + description: "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4" type: string dnsNames: description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate. @@ -4021,7 +4021,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string pkcs12: description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. @@ -4043,7 +4043,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" type: string literalSubject: description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. @@ -4250,9 +4250,9 @@ kind: CustomResourceDefinition metadata: name: orders.acme.cert-manager.io labels: - app: 'cert-manager' - app.kubernetes.io/name: 'cert-manager' - app.kubernetes.io/instance: 'cert-manager' + app: "cert-manager" + app.kubernetes.io/name: "cert-manager" + app.kubernetes.io/instance: "cert-manager" # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -4295,10 +4295,10 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" type: string metadata: type: object @@ -4504,7 +4504,8 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -4579,10 +4580,17 @@ metadata: app.kubernetes.io/version: "v1.11.0" rules: - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + resources: + [ + "certificates", + "certificates/status", + "certificaterequests", + "certificaterequests/status", + ] verbs: ["update", "patch"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: + ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -4678,8 +4686,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: [ "gateway.networking.k8s.io" ] - resources: [ "httproutes" ] + - apiGroups: ["gateway.networking.k8s.io"] + resources: ["httproutes"] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -4715,7 +4723,8 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: + ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -4798,7 +4807,8 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -4823,7 +4833,8 @@ rules: verbs: ["update", "patch"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: + ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4841,9 +4852,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -5041,10 +5052,10 @@ roleRef: kind: ClusterRole name: cert-manager-webhook:subjectaccessreviews subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: cert-manager + - apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -5067,7 +5078,11 @@ rules: # see cmd/cainjector/start.go#L137 - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + resourceNames: + [ + "cert-manager-cainjector-leader-election", + "cert-manager-cainjector-leader-election-core", + ] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5107,15 +5122,15 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: -- apiGroups: [""] - resources: ["secrets"] - resourceNames: - - 'cert-manager-webhook-ca' - verbs: ["get", "list", "watch", "update"] -# It's not possible to grant CREATE permission on a single resourceName. -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + resourceNames: + - "cert-manager-webhook-ca" + verbs: ["get", "list", "watch", "update"] + # It's not possible to grant CREATE permission on a single resourceName. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -5181,10 +5196,10 @@ roleRef: kind: Role name: cert-manager-webhook:dynamic-serving subjects: -- apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: cert-manager + - apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -5201,10 +5216,10 @@ metadata: spec: type: ClusterIP ports: - - protocol: TCP - port: 9402 - name: tcp-prometheus-servicemonitor - targetPort: 9402 + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 selector: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager @@ -5225,10 +5240,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: "https" + - name: https + port: 443 + protocol: TCP + targetPort: "https" selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager @@ -5273,18 +5288,18 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL nodeSelector: kubernetes.io/os: linux --- @@ -5318,8 +5333,8 @@ spec: app.kubernetes.io/version: "v1.11.0" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: 'true' - prometheus.io/port: '9402' + prometheus.io/scrape: "true" + prometheus.io/port: "9402" spec: serviceAccountName: cert-manager securityContext: @@ -5331,25 +5346,25 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 - - --max-concurrent-challenges=60 + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 + - --max-concurrent-challenges=60 ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP + - containerPort: 9402 + name: http-metrics + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5392,21 +5407,21 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=cert-manager-webhook + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc + ports: - - name: https - protocol: TCP - containerPort: 10250 - - name: healthcheck - protocol: TCP - containerPort: 6080 + - name: https + protocol: TCP + containerPort: 10250 + - name: healthcheck + protocol: TCP + containerPort: 6080 livenessProbe: httpGet: path: /livez @@ -5431,12 +5446,12 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5498,14 +5513,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" diff --git a/tests/e2e/testfiles/connectivity-values.yaml b/tests/e2e/testfiles/connectivity-values.yaml index 2932d933b..2eb849c22 100644 --- a/tests/e2e/testfiles/connectivity-values.yaml +++ b/tests/e2e/testfiles/connectivity-values.yaml @@ -33,27 +33,27 @@ - scenario: "Validate role/rolebindings created for brownfield-onboard scenario" paths: - - "testfiles/connectivity_client.yaml" - - "testfiles/storage_csm_powerflex.yaml" + - "testfiles/connectivity_client.yaml" + - "testfiles/storage_csm_powerflex.yaml" tags: - - "sanity" - - "client" + - "sanity" + - "client" steps: - - "Given a client environment with k8s or openshift, and CSM operator installed" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Apply custom resource [2]" - - "Validate custom resource [2]" - - "Validate [powerflex] driver from CR [2] is installed" - - "Install connectivity client from CR [1]" - - "Validate connectivity client from CR [1] is installed" - - "Validate rbac created in namespace [test-vxflexos]" - - "Uninstall connectivity client from CR [1]" - - "Validate connectivity client from CR [1] is not installed" - - "Validate connectivity client rbac objects are removed from all namespaces" - - "Enable forceRemoveDriver on CR [2]" - - "Delete custom resource [2]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" + - "Given a client environment with k8s or openshift, and CSM operator installed" + - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" + - "Apply custom resource [2]" + - "Validate custom resource [2]" + - "Validate [powerflex] driver from CR [2] is installed" + - "Install connectivity client from CR [1]" + - "Validate connectivity client from CR [1] is installed" + - "Validate rbac created in namespace [test-vxflexos]" + - "Uninstall connectivity client from CR [1]" + - "Validate connectivity client from CR [1] is not installed" + - "Validate connectivity client rbac objects are removed from all namespaces" + - "Enable forceRemoveDriver on CR [2]" + - "Delete custom resource [2]" + - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" + - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - scenario: "Validate rbac objects created for brownfield scenario when the client is running and CSM is created" paths: diff --git a/tests/e2e/testfiles/pflex-pscale-values.yaml b/tests/e2e/testfiles/pflex-pscale-values.yaml index e1f0f8155..8f63f83ff 100644 --- a/tests/e2e/testfiles/pflex-pscale-values.yaml +++ b/tests/e2e/testfiles/pflex-pscale-values.yaml @@ -17,7 +17,7 @@ - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" customTest: name: Cert CSI - run: + run: - ./cert-csi test vio --sc op-e2e-isilon --chainNumber 2 --chainLength 2 - scenario: "Uninstall PowerScale Driver" @@ -54,7 +54,7 @@ - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" customTest: name: Cert CSI - run: + run: - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - scenario: "Uninstall PowerFlex Driver" @@ -141,7 +141,7 @@ name: Cert CSI run: - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - + - scenario: Install PowerFlex Driver(With Authorization), Disable Authorization module" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" @@ -205,7 +205,3 @@ - "Delete custom resource [1]" - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - - - - diff --git a/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml b/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml index ab5af5ad7..57616d621 100644 --- a/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml +++ b/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml @@ -3,7 +3,6 @@ systemID: REPLACE_SYSTEMID endpoint: https://REPLACE_ENDPOINT skipCertificateValidation: true - isDefault: true + isDefault: true mdm: REPLACE_MDM nasName: "none" - diff --git a/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml b/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml index 981b3d108..3886bb552 100644 --- a/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml +++ b/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml @@ -9,11 +9,11 @@ reclaimPolicy: Delete allowVolumeExpansion: true parameters: storagepool: REPLACE_POOL - systemID: REPLACE_SYSTEMID + systemID: REPLACE_SYSTEMID csi.storage.k8s.io/fstype: ext4 volumeBindingMode: WaitForFirstConsumer allowedTopologies: -- matchLabelExpressions: - - key: csi-vxflexos.dellemc.com/REPLACE_SYSTEMID - values: - - csi-vxflexos.dellemc.com + - matchLabelExpressions: + - key: csi-vxflexos.dellemc.com/REPLACE_SYSTEMID + values: + - csi-vxflexos.dellemc.com diff --git a/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml b/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml index 7dfb5690f..e58830dcc 100644 --- a/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml +++ b/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml @@ -12,4 +12,4 @@ data: # if authorization is enabled, password will be ignored password: "REPLACE_PASS" # Uncomment the following key if you wish to use ISCSI CHAP authentication (v1.3.0 onwards) - # chapsecret: \ No newline at end of file + # chapsecret: diff --git a/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml b/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml index 7ad1001b0..f0629b09f 100644 --- a/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml +++ b/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml @@ -20,4 +20,3 @@ allowedTopologies: - key: csi-powermax.dellemc.com/REPLACE_SYSTEMID.iscsi values: - csi-powermax.dellemc.com - diff --git a/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml b/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml index d3f3a8fc4..f77d51908 100644 --- a/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml +++ b/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml @@ -28,4 +28,4 @@ standAloneConfig: managementServers: - url: "https://REPLACE_AUTH_ENDPOINT:9400" arrayCredentialSecret: powermax-creds - skipCertificateValidation: true \ No newline at end of file + skipCertificateValidation: true diff --git a/tests/e2e/testfiles/powerscale-cert-secret-0.yaml b/tests/e2e/testfiles/powerscale-cert-secret-0.yaml index cdfc73c59..5f7b2274b 100644 --- a/tests/e2e/testfiles/powerscale-cert-secret-0.yaml +++ b/tests/e2e/testfiles/powerscale-cert-secret-0.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: powerscale-certs-0 - namespace: dell + name: powerscale-certs-0 + namespace: dell type: Opaque data: - cert-0: "" + cert-0: "" diff --git a/tests/e2e/testfiles/powerscale-cert-secret-1.yaml b/tests/e2e/testfiles/powerscale-cert-secret-1.yaml index 7a0e1dd60..a902f0042 100644 --- a/tests/e2e/testfiles/powerscale-cert-secret-1.yaml +++ b/tests/e2e/testfiles/powerscale-cert-secret-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: powerscale-certs-1 - namespace: dell + name: powerscale-certs-1 + namespace: dell type: Opaque data: - cert-0: "" + cert-0: "" diff --git a/tests/e2e/testfiles/powerscale-cert-secret-2.yaml b/tests/e2e/testfiles/powerscale-cert-secret-2.yaml index 1989102ee..1f7e52bcf 100644 --- a/tests/e2e/testfiles/powerscale-cert-secret-2.yaml +++ b/tests/e2e/testfiles/powerscale-cert-secret-2.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: powerscale-certs-2 - namespace: dell + name: powerscale-certs-2 + namespace: dell type: Opaque data: - cert-0: "" + cert-0: "" diff --git a/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml b/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml index 06fec65c3..d39d78e1a 100644 --- a/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml +++ b/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml @@ -61,7 +61,6 @@ parameters: # until a Pod using the PersistentVolumeClaim is created # Default value: Immediate volumeBindingMode: Immediate - # allowedTopologies helps scheduling pods on worker nodes which match all of below expressions. # If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies # Change all instances of to the IP of the PowerScale OneFS API server diff --git a/tests/e2e/testfiles/powerscale-sc.yaml b/tests/e2e/testfiles/powerscale-sc.yaml index 070795671..151d9bd3a 100644 --- a/tests/e2e/testfiles/powerscale-sc.yaml +++ b/tests/e2e/testfiles/powerscale-sc.yaml @@ -61,7 +61,6 @@ parameters: # until a Pod using the PersistentVolumeClaim is created # Default value: Immediate volumeBindingMode: Immediate - # allowedTopologies helps scheduling pods on worker nodes which match all of below expressions. # If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies # Change all instances of to the IP of the PowerScale OneFS API server diff --git a/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml b/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml index 6114c64f0..9fd749538 100644 --- a/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml +++ b/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml @@ -1,9 +1,9 @@ arrays: - endpoint: "https://REPLACE_ENDPOINT/api/rest" globalID: REPLACE_GLOBALID - username: REPLACE_USER + username: REPLACE_USER password: REPLACE_PASS skipCertificateValidation: true isDefault: true blockProtocol: "auto" - nasName: "Generic_NAS" \ No newline at end of file + nasName: "Generic_NAS" diff --git a/tests/e2e/testfiles/sample-application/kustomization.yaml b/tests/e2e/testfiles/sample-application/kustomization.yaml index 1ac36f340..b587f6939 100644 --- a/tests/e2e/testfiles/sample-application/kustomization.yaml +++ b/tests/e2e/testfiles/sample-application/kustomization.yaml @@ -1,7 +1,7 @@ secretGenerator: -- name: mysql-pass - literals: - - password=dangerous + - name: mysql-pass + literals: + - password=dangerous resources: - mysql-deployment.yaml - wordpress-deployment.yaml diff --git a/tests/e2e/testfiles/sample-application/mysql-deployment.yaml b/tests/e2e/testfiles/sample-application/mysql-deployment.yaml index 65f5dbbaa..f557f7cc1 100644 --- a/tests/e2e/testfiles/sample-application/mysql-deployment.yaml +++ b/tests/e2e/testfiles/sample-application/mysql-deployment.yaml @@ -46,21 +46,21 @@ spec: tier: mysql spec: containers: - - image: mysql:5.6 - name: mysql - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-pass - key: password - ports: - - containerPort: 3306 + - image: mysql:5.6 name: mysql - volumeMounts: - - name: mysql-persistent-storage - mountPath: /var/lib/mysql + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + ports: + - containerPort: 3306 + name: mysql + volumeMounts: + - name: mysql-persistent-storage + mountPath: /var/lib/mysql volumes: - - name: mysql-persistent-storage - persistentVolumeClaim: - claimName: mysql-pv-claim + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml b/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml index 7bd656f1f..1f5198718 100644 --- a/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml +++ b/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml @@ -10,7 +10,7 @@ spec: selector: app: wordpress tier: frontend - type: NodePort + type: NodePort --- apiVersion: v1 kind: PersistentVolumeClaim @@ -47,26 +47,26 @@ spec: spec: securityContext: sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" + - name: net.ipv4.ip_unprivileged_port_start + value: "0" containers: - - image: wordpress:6.3.1-apache - name: wordpress - env: - - name: WORDPRESS_DB_HOST - value: wordpress-mysql - - name: WORDPRESS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-pass - key: password - ports: - - containerPort: 80 + - image: wordpress:6.3.1-apache name: wordpress - volumeMounts: - - name: wordpress-persistent-storage - mountPath: /var/www/html + env: + - name: WORDPRESS_DB_HOST + value: wordpress-mysql + - name: WORDPRESS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + ports: + - containerPort: 80 + name: wordpress + volumeMounts: + - name: wordpress-persistent-storage + mountPath: /var/www/html volumes: - - name: wordpress-persistent-storage - persistentVolumeClaim: - claimName: wp-pv-claim + - name: wordpress-persistent-storage + persistentVolumeClaim: + claimName: wp-pv-claim diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index f166fd4e8..147670e6c 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -16,8 +16,8 @@ # Upgrade from V1 to V2 is not supported - scenario: "Install Authorization Proxy Server V1 and upgrade" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 tags: - "authorizationproxyserver" steps: @@ -96,8 +96,8 @@ - scenario: "Install Authorization Proxy Server & PowerFlex Driver (With Authorization V1), Upgrade both Authorization Proxy Server and PowerFlex Driver" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 - "testfiles/storage_csm_powerflex_auth_n_minus_1.yaml" - "testfiles/storage_csm_powerflex_auth.yaml" tags: @@ -1631,7 +1631,6 @@ run: - cert-csi test vio --sc op-e2e-pmax --chainNumber 2 --chainLength 2 - - scenario: "Install Powermax Driver(Standalone), Enable Resiliency" paths: - "testfiles/storage_csm_powermax.yaml" @@ -1651,7 +1650,6 @@ - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" - - scenario: "Install Powermax Driver(With Resiliency), Disable Resiliency module" paths: - "testfiles/storage_csm_powermax_resiliency.yaml" @@ -1670,4 +1668,3 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" - diff --git a/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml b/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml index 207f1622d..5db0de92c 100644 --- a/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml +++ b/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml @@ -15,7 +15,7 @@ - "Validate [powerscale] driver from CR [1] is installed" - "Validate [observability] module from CR [1] is installed" - "Run custom test" - + #upgrade - "Upgrade from custom resource [1] to [2]" - "Validate custom resource [2]" @@ -26,4 +26,4 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" - - "Delete custom resource [2]" \ No newline at end of file + - "Delete custom resource [2]" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml index a7a22f5de..08a1d8428 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml @@ -36,20 +36,19 @@ spec: - name: "CERT_SECRET_COUNT" value: "0" - sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.2.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.225.109.64,10.225.109.65" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.225.109.64,10.225.109.65" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -131,7 +130,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" #provide MDM value + value: "10.x.x.x,10.x.x.x" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization @@ -139,13 +138,13 @@ spec: enabled: true configVersion: v1.11.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.11.0 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.11.0 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" \ No newline at end of file + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml index 6dbe6a072..2441557ca 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml @@ -36,20 +36,19 @@ spec: - name: "CERT_SECRET_COUNT" value: "0" - sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.x.x.x,10.x.x.x" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.x.x.x,10.x.x.x" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -131,7 +130,7 @@ spec: name: sdc envs: - name: MDM - value: "10.225.109.64,10.225.109.65" #provide MDM value + value: "10.225.109.64,10.225.109.65" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization @@ -139,13 +138,13 @@ spec: enabled: true configVersion: v1.11.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.11.0 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.11.0 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml b/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml index 827e79e5f..ebe2943d5 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml @@ -42,22 +42,22 @@ spec: value: "false" sideCars: - # 'k8s' represents a string prepended to each volume created by the CSI driver + # 'k8s' represents a string prepended to each volume created by the CSI driver - name: provisioner args: ["--volume-name-prefix=k8s"] - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:3.6.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -103,7 +103,6 @@ spec: node: envs: - # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -135,8 +134,6 @@ spec: - name: X_CSI_MAX_VOLUMES_PER_NODE value: "0" - - # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset # Leave as blank to use all nodes # Allowed values: map of key-value pairs @@ -159,7 +156,7 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" @@ -185,7 +182,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC @@ -194,16 +191,16 @@ spec: enabled: false configVersion: v1.9.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.0 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # observability: allows to configure observability - name: observability @@ -329,52 +326,52 @@ spec: enabled: false configVersion: v1.7.0 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.7.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerflex" + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" + image: dellemc/dell-replication-controller:v1.7.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" - name: resiliency # enabled: Enable/Disable Resiliency feature diff --git a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml index 562b560a7..4ef8b1773 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml @@ -145,7 +145,7 @@ spec: # - key: "node-role.kubernetes.io/master" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index f493dac1d..d25470dea 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,27 +242,27 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy - # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" - name: resiliency # enabled: Enable/Disable Resiliency feature # Allowed values: @@ -306,4 +306,4 @@ spec: - "--csisock=unix:/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock" - "--mode=node" - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" - - "--driverPath=csi-powermax.dellemc.com" \ No newline at end of file + - "--driverPath=csi-powermax.dellemc.com" diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index f472d4ea5..08c3056ce 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,27 +242,27 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy - # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" # Authorization: enable csm-authorization for RBAC - name: authorization # enable: Enable/Disable csm-authorization @@ -277,4 +277,4 @@ spec: value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" \ No newline at end of file + value: "true" diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 4ae990a75..1f2dd042b 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,28 +242,28 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy - # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" - + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" + # observability: allows to configure observability - name: observability # enabled: Enable/Disable observability diff --git a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml index 4e929ac82..1feba38db 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,27 +242,27 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy - # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" - name: resiliency # enabled: Enable/Disable Resiliency feature # Allowed values: diff --git a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml index 6bbf5d2bd..fc0a656a4 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml @@ -225,7 +225,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity @@ -277,4 +277,4 @@ spec: value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" \ No newline at end of file + value: "true" diff --git a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml index 0beb3709b..e19e67fd6 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: [ "--monitor-interval=60s" ] + args: ["--monitor-interval=60s"] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,24 +242,24 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy - # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "true" \ No newline at end of file + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "true" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 168efdebb..8ff25f164 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -1,488 +1,488 @@ -apiVersion: storage.dell.com/v1 -kind: ContainerStorageModule -metadata: - name: isilon - namespace: isilon -spec: - driver: - csiDriverType: "isilon" - csiDriverSpec: - # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. - # Allowed values: ReadWriteOnceWithFSType, File , None - # Default value: ReadWriteOnceWithFSType - fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.11.0 - authSecret: isilon-creds - replicas: 2 - dnsPolicy: ClusterFirstWithHostNet - # Uninstall CSI Driver and/or modules when CR is deleted - forceRemoveDriver: true - common: - image: "dellemc/csi-isilon:nightly" - imagePullPolicy: IfNotPresent - envs: - # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs - # Allowed Values: - # 0: log full content of the HTTP request and response - # 1: log without the HTTP response body - # 2: log only 1st line of the HTTP request and response - # Default value: 0 - - name: X_CSI_VERBOSE - value: "1" - - # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server - # This value acts as a default value for endpointPort, if not specified for a cluster config in secret - # Allowed value: valid port number - # Default value: 8080 - - name: X_CSI_ISI_PORT - value: "8080" - - # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. - # This value acts as a default value for isiPath, if not specified for a cluster config in secret - # Ensure that this path exists on PowerScale cluster. - # Allowed values: unix absolute path - # Default value: /ifs - # Examples: /ifs/data/csi, /ifs/engineering - - name: X_CSI_ISI_PATH - value: "/ifs/data/csi" - - # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization - # Allowed values: - # true : do not probe all PowerScale clusters during driver initialization - # false: probe all PowerScale clusters during driver initialization - # Default value: false - - name: X_CSI_ISI_NO_PROBE_ON_START - value: "false" - - # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. - # Allowed values: - # true : enable auto probe. - # false: disable auto probe. - # Default value: false - - name: X_CSI_ISI_AUTOPROBE - value: "true" - - # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. - # Formerly this attribute was named as "X_CSI_ISI_INSECURE" - # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret - # Allowed values: - # true: skip OneFS API server's certificate verification - # false: verify OneFS API server's certificates - # Default value: true - - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION - value: "true" - - # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: - # has to be used for making connection to backend PowerScale Array. - # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. - # Allowed values: - # true : enable custom topology - # false: disable custom topology - # Default value: false - - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED - value: "false" - - # Specify kubelet config dir path. - # Ensure that the config.yaml file is present at this path. - # Default value: None - - name: KUBELET_CONFIG_DIR - value: "/var/lib/kubelet" - - # certSecretCount: Represents number of certificate secrets, which user is going to create for - # ssl authentication. (isilon-cert-0..isilon-cert-n) - # Allowed values: n, where n > 0 - # Default value: None - - name: "CERT_SECRET_COUNT" - value: "1" - - # CSI driver log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "CSI_LOG_LEVEL" - value: "debug" - - controller: - envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of controller deployment. - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controller deployment, if required. - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - node: - envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of node daemonset - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the node daemonset, if required. - # Default value: None - tolerations: - # - key: "node.kubernetes.io/memory-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/disk-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/network-unavailable" - # operator: "Exists" - # effect: "NoExecute" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - sideCars: - - name: provisioner - args: ["--volume-name-prefix=csipscale"] - # health monitor is disabled by default, refer to driver documentation before enabling it - - name: external-health-monitor - enabled: false - args: ["--monitor-interval=60s"] - - modules: - # Authorization: enable csm-authorization for RBAC - - name: authorization - # enable: Enable/Disable csm-authorization - enabled: false - configVersion: v1.11.0 - components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" - - # replication: allows to configure replication - # Replication CRDs must be installed before installing driver - - name: replication - # enabled: Enable/Disable replication feature - # Allowed values: - # true: enable replication feature(install dell-csi-replicator sidecar) - # false: disable replication feature(do not install dell-csi-replicator sidecar) - # Default value: false - enabled: false - configVersion: v1.9.0 - components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 - - # observability: allows to configure observability - - name: observability - # enabled: Enable/Disable observability - enabled: true - configVersion: v1.9.0 - components: - - name: topology - # enabled: Enable/Disable topology - enabled: true - # image: Defines karavi-topology image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-topology:nightly - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # topology log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "TOPOLOGY_LOG_LEVEL" - value: "INFO" - - - name: otel-collector - # enabled: Enable/Disable OpenTelemetry Collector - enabled: true - # image: Defines otel-collector image. This shouldn't be changed - # Allowed values: string - image: otel/opentelemetry-collector:0.42.0 - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # image of nginx proxy image - # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.20" - - name: "NGINX_PROXY_IMAGE" - value: "nginxinc/nginx-unprivileged:1.20" - - - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - enabled: true - - - name: metrics-powerscale - # enabled: Enable/Disable PowerScale metrics - enabled: true - # image: Defines PowerScale metrics image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-metrics-powerscale:nightly - envs: - # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale - # Allowed values: int - # Default value: 10 - - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" - value: "10" - # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" - value: "true" - # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" - value: "true" - # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data - # Allowed values: int - # Default value: 30 - - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" - value: "30" - # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" - value: "20" - # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" - value: "30" - # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_INSECURE" - value: "true" - # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_AUTH_TYPE" - value: "0" - # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs - # Allowed values: 0,1,2 - # Default value: 0 - - name: "ISICLIENT_VERBOSE" - value: "0" - # PowerScale metrics log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "POWERSCALE_LOG_LEVEL" - value: "INFO" - # PowerScale Metrics Output logs in the specified format - # Valid values: TEXT, JSON - # Default value: "TEXT" - - name: "POWERSCALE_LOG_FORMAT" - value: "TEXT" - # Otel collector address - # Allowed values: String - # Default value: "otel-collector:55680" - - name: "COLLECTOR_ADDRESS" - value: "otel-collector:55680" - - name: resiliency - # enabled: Enable/Disable Resiliency feature - # Allowed values: - # true: enable Resiliency feature(deploy podmon sidecar) - # false: disable Resiliency feature(do not deploy podmon sidecar) - # Default value: false - enabled: false - configVersion: v1.10.0 - components: - - name: podmon-controller - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - args: - - "--csisock=unix:/var/run/csi/csi.sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=controller" - - "--skipArrayConnectionValidation=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - - name: podmon-node - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - envs: - # podmonAPIPort: Defines the port to be used within the kubernetes cluster - # Allowed values: Any valid and free port (string) - # Default value: 8083 - - name: "X_CSI_PODMON_API_PORT" - value: "8083" - args: - - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=node" - - "--leaderelection=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + configVersion: v2.11.0 + authSecret: isilon-creds + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + # Uninstall CSI Driver and/or modules when CR is deleted + forceRemoveDriver: true + common: + image: "dellemc/csi-isilon:nightly" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs + # Allowed Values: + # 0: log full content of the HTTP request and response + # 1: log without the HTTP response body + # 2: log only 1st line of the HTTP request and response + # Default value: 0 + - name: X_CSI_VERBOSE + value: "1" + + # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server + # This value acts as a default value for endpointPort, if not specified for a cluster config in secret + # Allowed value: valid port number + # Default value: 8080 + - name: X_CSI_ISI_PORT + value: "8080" + + # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. + # This value acts as a default value for isiPath, if not specified for a cluster config in secret + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: /ifs + # Examples: /ifs/data/csi, /ifs/engineering + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + + # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization + # Allowed values: + # true : do not probe all PowerScale clusters during driver initialization + # false: probe all PowerScale clusters during driver initialization + # Default value: false + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + + # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. + # Allowed values: + # true : enable auto probe. + # false: disable auto probe. + # Default value: false + - name: X_CSI_ISI_AUTOPROBE + value: "true" + + # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Formerly this attribute was named as "X_CSI_ISI_INSECURE" + # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: true + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + + # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: + # has to be used for making connection to backend PowerScale Array. + # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. + # Allowed values: + # true : enable custom topology + # false: disable custom topology + # Default value: false + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + + # certSecretCount: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (isilon-cert-0..isilon-cert-n) + # Allowed values: n, where n > 0 + # Default value: None + - name: "CERT_SECRET_COUNT" + value: "1" + + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "debug" + + controller: + envs: + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. + # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + sideCars: + - name: provisioner + args: ["--volume-name-prefix=csipscale"] + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.11.0 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.9.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: true + configVersion: v1.9.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: true + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true + + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + enabled: true + # image: Defines PowerScale metrics image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-metrics-powerscale:nightly + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "0" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.10.0 + components: + - name: podmon-controller + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + args: + - "--csisock=unix:/var/run/csi/csi.sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=controller" + - "--skipArrayConnectionValidation=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - name: podmon-node + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=node" + - "--leaderelection=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 04b344e4a..cdc6b083f 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -1,488 +1,488 @@ -apiVersion: storage.dell.com/v1 -kind: ContainerStorageModule -metadata: - name: isilon - namespace: isilon -spec: - driver: - csiDriverType: "isilon" - csiDriverSpec: - # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. - # Allowed values: ReadWriteOnceWithFSType, File , None - # Default value: ReadWriteOnceWithFSType - fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.11.0 - authSecret: isilon-creds - replicas: 2 - dnsPolicy: ClusterFirstWithHostNet - # Uninstall CSI Driver and/or modules when CR is deleted - forceRemoveDriver: true - common: - image: "dellemc/csi-isilon:nightly" - imagePullPolicy: IfNotPresent - envs: - # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs - # Allowed Values: - # 0: log full content of the HTTP request and response - # 1: log without the HTTP response body - # 2: log only 1st line of the HTTP request and response - # Default value: 0 - - name: X_CSI_VERBOSE - value: "1" - - # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server - # This value acts as a default value for endpointPort, if not specified for a cluster config in secret - # Allowed value: valid port number - # Default value: 8080 - - name: X_CSI_ISI_PORT - value: "8080" - - # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. - # This value acts as a default value for isiPath, if not specified for a cluster config in secret - # Ensure that this path exists on PowerScale cluster. - # Allowed values: unix absolute path - # Default value: /ifs - # Examples: /ifs/data/csi, /ifs/engineering - - name: X_CSI_ISI_PATH - value: "/ifs/data/csi" - - # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization - # Allowed values: - # true : do not probe all PowerScale clusters during driver initialization - # false: probe all PowerScale clusters during driver initialization - # Default value: false - - name: X_CSI_ISI_NO_PROBE_ON_START - value: "false" - - # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. - # Allowed values: - # true : enable auto probe. - # false: disable auto probe. - # Default value: false - - name: X_CSI_ISI_AUTOPROBE - value: "true" - - # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. - # Formerly this attribute was named as "X_CSI_ISI_INSECURE" - # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret - # Allowed values: - # true: skip OneFS API server's certificate verification - # false: verify OneFS API server's certificates - # Default value: true - - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION - value: "true" - - # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: - # has to be used for making connection to backend PowerScale Array. - # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. - # Allowed values: - # true : enable custom topology - # false: disable custom topology - # Default value: false - - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED - value: "false" - - # Specify kubelet config dir path. - # Ensure that the config.yaml file is present at this path. - # Default value: None - - name: KUBELET_CONFIG_DIR - value: "/var/lib/kubelet" - - # certSecretCount: Represents number of certificate secrets, which user is going to create for - # ssl authentication. (isilon-cert-0..isilon-cert-n) - # Allowed values: n, where n > 0 - # Default value: None - - name: "CERT_SECRET_COUNT" - value: "1" - - # CSI driver log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "CSI_LOG_LEVEL" - value: "debug" - - controller: - envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of controller deployment. - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controller deployment, if required. - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - node: - envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of node daemonset - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the node daemonset, if required. - # Default value: None - tolerations: - # - key: "node.kubernetes.io/memory-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/disk-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/network-unavailable" - # operator: "Exists" - # effect: "NoExecute" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - sideCars: - - name: provisioner - args: ["--volume-name-prefix=csipscale"] - # health monitor is disabled by default, refer to driver documentation before enabling it - - name: external-health-monitor - enabled: false - args: ["--monitor-interval=60s"] - - modules: - # Authorization: enable csm-authorization for RBAC - - name: authorization - # enable: Enable/Disable csm-authorization - enabled: false - configVersion: v1.11.0 - components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" - - # replication: allows to configure replication - # Replication CRDs must be installed before installing driver - - name: replication - # enabled: Enable/Disable replication feature - # Allowed values: - # true: enable replication feature(install dell-csi-replicator sidecar) - # false: disable replication feature(do not install dell-csi-replicator sidecar) - # Default value: false - enabled: false - configVersion: v1.9.0 - components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 - - # observability: allows to configure observability - - name: observability - # enabled: Enable/Disable observability - enabled: true - configVersion: v1.9.0 - components: - - name: topology - # enabled: Enable/Disable topology - enabled: true - # image: Defines karavi-topology image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-topology:nightly - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeUl4ZGdOMDQ3Z2ZONU9Id0hxYTI5RzVnd3Q5M2VidnEwZVdnZE5RWXUvUU91YktoCkNyVmFDekFwc0xoUXJ5YThDODlrUzN1ZkRzSzN6N2hySEV4Z25XOGc3Ri9XTjVpaXYzcU9GcDk2ZVc4VFR5UHIKYVZLSld6bGsvcUloVnZIRlRsU25OY3JiU2VuOUZIcWZkeEZwN3ozVUl3bVVrZk8vTTQ1RHkrcDU2cmdqOW4vSQo2L1ZraTFlcWpQSDdXWU52SUFyTWtKb2UwYUhZVUk3amt3RGdTemRNYzJzN1I5NWxQTFY1MDgxdFNCWTJtNno0ClRrdXZLUHRtUWdaTC9ySi9pR1EwS1U5MmJkRVAvVEg1UnhJMkR2dlNwUEs1UkhzTEhPVDdUZWV5NGJXU1VQemIKU0cwUUFBNG9ScjU1djNVWG5pZjBMcDRENDlOcXB0UitFc2ZMdndJREFRQUJBb0lCQUUva2V5dG05ZEw5a094cApoYnJ3TjFwUXpvTlRlc2tvTDNmR3ZwRk1IVDVqRDZxeW1xMGxhZVdqSGppa2RLQVNFait5TXdaUERTSllOOW1zClloODMzaFZadkFmdWRleFlCaDI1dVBrU056eEJIN1FiWHlEcUhJWVc2MEQxWGNyQkxoVHliRnBsb2M1a1JNbnYKdjY4elpMeEdLVWg3L0kvWVJvZEhXWUxXdWhMaTYvVGpKMGNJbWlOVWxMeWhXNHJrUXRveUZmelYvWkZpZGYvWApSYjQwRHRCRk1QbytVdFRBbnJuTlF3UDN2cEF5U09OV2U3MW45dS9XdFlwYzVNeDJGaGZFbm5PcTlZcVNEMVNQCm5hUC9OUndOQ2xOY1BleWZaSU84SytWT3MvbFpBOGErMXREWTZzOFVOTHBvcm42YkRWdEsweU4rTU9YK1FLaXEKTG9KeDZtRUNnWUVBNlU3ZU96OEcybG9wd245ald6YXBobG5TU2RFTHZobS95cllNMy9TN2puTkRYNkd3TkRlKwpFQTFINUs1UDRLNnlleFMvZEllaWo4bDhiRytVb0V3Rm9pOVIxaTdGR21DL1p6WTRpa2IyQXI0MU8yV29kVk9UCkRjNnBjdmlkWnp5ZjJWaGlTMFNLZ3ZodDdzSTlQcjFyZWlyNW9TYXBuUC9hUFhCTkl3dDh3V01DZ1lFQTNBM1AKODNrOUlPdjNNUWhiL1JiUDVBRWZYaW85U0hJNW1oekFLankxY2M1WDdadjI2SmpIc21RNGQrb0s0UjljMGFIWApETDFBRlYrWTkyRTU4ZVE1SXJhQ3JTQVAwYk45bENqLzdEMDFrT2ZnTis5QXJzVy8yc0tFcFRtZENtc3ZGb1JuClNOUzBNYmpDdmQxOEtYdWNFYmdoZzZTcjZwaGN2QWVoaGtpcjZQVUNnWUVBcFl0bXVKZENINUUyYkdIRGVDZFQKSnBkNVZSTlZ4Nit4blA2TUtDVVpLRHkxSTVndzFQeHdpaWRDU2dzOWRtbS9Ed0pyengybXhXdnNNMjBCQXJTdQprcVFNNTNNTVBHbEZwdENjVWRHRUlmSWhCMkpjbzlPSFZwYTdPVzhiRVBPOVlKVU1PZWdLZUdBYWNQMjJRMXhZCmRMa2xvNmt4Vk10ZWFaWFR4ZmdTcjQwQ2dZRUF3K2lnSEZqeHJSK213TVo2YndZaUt4RTh4ZTdCQklCOCs5RmcKMjdtVXFDOVdaTG9YeGRoTzRXa01ST1hlcmJIb1J0SFl6UVNueXQrREphb3Zsa1RqQVI2UGxHWVk3MDduSEVLcwpKYndRdG1OWllUTGwyVE5BclJmRVUvekk3UCtqdWw1Q1BicndlZHZOdEk4OC9RbUpWdFVoTVR3bnVnSFBmYThsCmhKR3FTd2tDZ1lFQW1UKzJQY1VIdVZuYXU1ZjVYMXZPaVI1aGtyNEZYUFhwZVVRZDVyMFZZazBsb01Yc3FQVGsKc0lZN0lmSUlRZ01xbFNnUVhMeVBpbjJPWEN1ZnBKTlVDRlJRamtMV2ZCZW1QbEh6N2hjNURvVHJEU1doOUtETApNak9HL3d4ckRwZGlvRnZmcVA3bldIeGk3UzAxNXpHNHhtbkg2WUZ1TThuaHpyU3NSQzhzV20wPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" - envs: - # topology log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "TOPOLOGY_LOG_LEVEL" - value: "INFO" - - - name: otel-collector - # enabled: Enable/Disable OpenTelemetry Collector - enabled: false - # image: Defines otel-collector image. This shouldn't be changed - # Allowed values: string - image: otel/opentelemetry-collector:0.42.0 - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # image of nginx proxy image - # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.20" - - name: "NGINX_PROXY_IMAGE" - value: "nginxinc/nginx-unprivileged:1.20" - - - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - enabled: true - - - name: metrics-powerscale - # enabled: Enable/Disable PowerScale metrics - enabled: false - # image: Defines PowerScale metrics image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-metrics-powerscale:nightly - envs: - # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale - # Allowed values: int - # Default value: 10 - - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" - value: "10" - # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" - value: "true" - # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" - value: "true" - # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data - # Allowed values: int - # Default value: 30 - - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" - value: "30" - # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" - value: "20" - # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" - value: "30" - # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_INSECURE" - value: "true" - # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_AUTH_TYPE" - value: "0" - # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs - # Allowed values: 0,1,2 - # Default value: 0 - - name: "ISICLIENT_VERBOSE" - value: "0" - # PowerScale metrics log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "POWERSCALE_LOG_LEVEL" - value: "INFO" - # PowerScale Metrics Output logs in the specified format - # Valid values: TEXT, JSON - # Default value: "TEXT" - - name: "POWERSCALE_LOG_FORMAT" - value: "TEXT" - # Otel collector address - # Allowed values: String - # Default value: "otel-collector:55680" - - name: "COLLECTOR_ADDRESS" - value: "otel-collector:55680" - - name: resiliency - # enabled: Enable/Disable Resiliency feature - # Allowed values: - # true: enable Resiliency feature(deploy podmon sidecar) - # false: disable Resiliency feature(do not deploy podmon sidecar) - # Default value: false - enabled: false - configVersion: v1.10.0 - components: - - name: podmon-controller - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - args: - - "--csisock=unix:/var/run/csi/csi.sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=controller" - - "--skipArrayConnectionValidation=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - - name: podmon-node - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - envs: - # podmonAPIPort: Defines the port to be used within the kubernetes cluster - # Allowed values: Any valid and free port (string) - # Default value: 8083 - - name: "X_CSI_PODMON_API_PORT" - value: "8083" - args: - - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=node" - - "--leaderelection=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + configVersion: v2.11.0 + authSecret: isilon-creds + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + # Uninstall CSI Driver and/or modules when CR is deleted + forceRemoveDriver: true + common: + image: "dellemc/csi-isilon:nightly" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs + # Allowed Values: + # 0: log full content of the HTTP request and response + # 1: log without the HTTP response body + # 2: log only 1st line of the HTTP request and response + # Default value: 0 + - name: X_CSI_VERBOSE + value: "1" + + # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server + # This value acts as a default value for endpointPort, if not specified for a cluster config in secret + # Allowed value: valid port number + # Default value: 8080 + - name: X_CSI_ISI_PORT + value: "8080" + + # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. + # This value acts as a default value for isiPath, if not specified for a cluster config in secret + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: /ifs + # Examples: /ifs/data/csi, /ifs/engineering + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + + # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization + # Allowed values: + # true : do not probe all PowerScale clusters during driver initialization + # false: probe all PowerScale clusters during driver initialization + # Default value: false + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + + # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. + # Allowed values: + # true : enable auto probe. + # false: disable auto probe. + # Default value: false + - name: X_CSI_ISI_AUTOPROBE + value: "true" + + # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Formerly this attribute was named as "X_CSI_ISI_INSECURE" + # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: true + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + + # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: + # has to be used for making connection to backend PowerScale Array. + # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. + # Allowed values: + # true : enable custom topology + # false: disable custom topology + # Default value: false + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + + # certSecretCount: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (isilon-cert-0..isilon-cert-n) + # Allowed values: n, where n > 0 + # Default value: None + - name: "CERT_SECRET_COUNT" + value: "1" + + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "debug" + + controller: + envs: + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. + # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + sideCars: + - name: provisioner + args: ["--volume-name-prefix=csipscale"] + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.11.0 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.9.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: true + configVersion: v1.9.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeUl4ZGdOMDQ3Z2ZONU9Id0hxYTI5RzVnd3Q5M2VidnEwZVdnZE5RWXUvUU91YktoCkNyVmFDekFwc0xoUXJ5YThDODlrUzN1ZkRzSzN6N2hySEV4Z25XOGc3Ri9XTjVpaXYzcU9GcDk2ZVc4VFR5UHIKYVZLSld6bGsvcUloVnZIRlRsU25OY3JiU2VuOUZIcWZkeEZwN3ozVUl3bVVrZk8vTTQ1RHkrcDU2cmdqOW4vSQo2L1ZraTFlcWpQSDdXWU52SUFyTWtKb2UwYUhZVUk3amt3RGdTemRNYzJzN1I5NWxQTFY1MDgxdFNCWTJtNno0ClRrdXZLUHRtUWdaTC9ySi9pR1EwS1U5MmJkRVAvVEg1UnhJMkR2dlNwUEs1UkhzTEhPVDdUZWV5NGJXU1VQemIKU0cwUUFBNG9ScjU1djNVWG5pZjBMcDRENDlOcXB0UitFc2ZMdndJREFRQUJBb0lCQUUva2V5dG05ZEw5a094cApoYnJ3TjFwUXpvTlRlc2tvTDNmR3ZwRk1IVDVqRDZxeW1xMGxhZVdqSGppa2RLQVNFait5TXdaUERTSllOOW1zClloODMzaFZadkFmdWRleFlCaDI1dVBrU056eEJIN1FiWHlEcUhJWVc2MEQxWGNyQkxoVHliRnBsb2M1a1JNbnYKdjY4elpMeEdLVWg3L0kvWVJvZEhXWUxXdWhMaTYvVGpKMGNJbWlOVWxMeWhXNHJrUXRveUZmelYvWkZpZGYvWApSYjQwRHRCRk1QbytVdFRBbnJuTlF3UDN2cEF5U09OV2U3MW45dS9XdFlwYzVNeDJGaGZFbm5PcTlZcVNEMVNQCm5hUC9OUndOQ2xOY1BleWZaSU84SytWT3MvbFpBOGErMXREWTZzOFVOTHBvcm42YkRWdEsweU4rTU9YK1FLaXEKTG9KeDZtRUNnWUVBNlU3ZU96OEcybG9wd245ald6YXBobG5TU2RFTHZobS95cllNMy9TN2puTkRYNkd3TkRlKwpFQTFINUs1UDRLNnlleFMvZEllaWo4bDhiRytVb0V3Rm9pOVIxaTdGR21DL1p6WTRpa2IyQXI0MU8yV29kVk9UCkRjNnBjdmlkWnp5ZjJWaGlTMFNLZ3ZodDdzSTlQcjFyZWlyNW9TYXBuUC9hUFhCTkl3dDh3V01DZ1lFQTNBM1AKODNrOUlPdjNNUWhiL1JiUDVBRWZYaW85U0hJNW1oekFLankxY2M1WDdadjI2SmpIc21RNGQrb0s0UjljMGFIWApETDFBRlYrWTkyRTU4ZVE1SXJhQ3JTQVAwYk45bENqLzdEMDFrT2ZnTis5QXJzVy8yc0tFcFRtZENtc3ZGb1JuClNOUzBNYmpDdmQxOEtYdWNFYmdoZzZTcjZwaGN2QWVoaGtpcjZQVUNnWUVBcFl0bXVKZENINUUyYkdIRGVDZFQKSnBkNVZSTlZ4Nit4blA2TUtDVVpLRHkxSTVndzFQeHdpaWRDU2dzOWRtbS9Ed0pyengybXhXdnNNMjBCQXJTdQprcVFNNTNNTVBHbEZwdENjVWRHRUlmSWhCMkpjbzlPSFZwYTdPVzhiRVBPOVlKVU1PZWdLZUdBYWNQMjJRMXhZCmRMa2xvNmt4Vk10ZWFaWFR4ZmdTcjQwQ2dZRUF3K2lnSEZqeHJSK213TVo2YndZaUt4RTh4ZTdCQklCOCs5RmcKMjdtVXFDOVdaTG9YeGRoTzRXa01ST1hlcmJIb1J0SFl6UVNueXQrREphb3Zsa1RqQVI2UGxHWVk3MDduSEVLcwpKYndRdG1OWllUTGwyVE5BclJmRVUvekk3UCtqdWw1Q1BicndlZHZOdEk4OC9RbUpWdFVoTVR3bnVnSFBmYThsCmhKR3FTd2tDZ1lFQW1UKzJQY1VIdVZuYXU1ZjVYMXZPaVI1aGtyNEZYUFhwZVVRZDVyMFZZazBsb01Yc3FQVGsKc0lZN0lmSUlRZ01xbFNnUVhMeVBpbjJPWEN1ZnBKTlVDRlJRamtMV2ZCZW1QbEh6N2hjNURvVHJEU1doOUtETApNak9HL3d4ckRwZGlvRnZmcVA3bldIeGk3UzAxNXpHNHhtbkg2WUZ1TThuaHpyU3NSQzhzV20wPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true + + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + enabled: false + # image: Defines PowerScale metrics image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-metrics-powerscale:nightly + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "0" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.10.0 + components: + - name: podmon-controller + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + args: + - "--csisock=unix:/var/run/csi/csi.sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=controller" + - "--skipArrayConnectionValidation=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - name: podmon-node + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=node" + - "--leaderelection=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml index bc142a779..8fc037dab 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml @@ -103,54 +103,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -172,38 +172,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -247,16 +247,16 @@ spec: enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -269,58 +269,58 @@ spec: enabled: false configVersion: v1.9.0 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 + image: dellemc/dell-replication-init:v1.0.0 # observability: allows to configure observability - name: observability @@ -371,11 +371,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true enabled: true - name: metrics-powerscale diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml index a35add2bd..8ff25f164 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml @@ -103,54 +103,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -172,38 +172,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -247,16 +247,16 @@ spec: enabled: false configVersion: v1.11.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -269,58 +269,58 @@ spec: enabled: false configVersion: v1.9.0 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 + image: dellemc/dell-replication-init:v1.0.0 # observability: allows to configure observability - name: observability @@ -371,11 +371,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true enabled: true - name: metrics-powerscale diff --git a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml index 4fa69e8fe..5409ef5bb 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml @@ -225,7 +225,7 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" diff --git a/tests/e2e/testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/storage_csm_powerstore.yaml index 06ee947c2..75ca96cc6 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore.yaml @@ -82,7 +82,7 @@ spec: value: "false" # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: + # Default Value: - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS value: # nodeSelector: Define node selection constraints for controller pods. diff --git a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml index e54191e89..349712d23 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml @@ -82,7 +82,7 @@ spec: value: "false" # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: + # Default Value: - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS value: # nodeSelector: Define node selection constraints for controller pods. From 8591919549d18c5e7d7582d7bdfd0fd96da359bc Mon Sep 17 00:00:00 2001 From: Surya Date: Tue, 24 Sep 2024 12:42:16 +0000 Subject: [PATCH 10/33] yamllint fixes --- operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml | 2 +- operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml | 2 +- operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml | 2 +- .../moduleconfig/authorization/v2.0.0-alpha/policies.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml index 0e7dc16bb..f18eb6b7f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml index 0e7dc16bb..f18eb6b7f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml index 0e7dc16bb..f18eb6b7f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml index ff1ac70a9..4f12026db 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } From e7839735c6957bdf370a08949edd20328c9d0ba3 Mon Sep 17 00:00:00 2001 From: Surya Date: Tue, 24 Sep 2024 12:46:56 +0000 Subject: [PATCH 11/33] yamllint fixes --- operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml | 2 +- .../testfiles/application-mobility-templates/velero-values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml index 0e7dc16bb..f18eb6b7f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml index 0bd3f9acb..31aab1e4b 100644 --- a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml @@ -34,7 +34,7 @@ configuration: bucket: REPLACE_BUCKET_NAME default: true config: - { region: minio, s3ForcePathStyle: true, s3Url: http://REPLACE_S3URL } + {region: minio, s3ForcePathStyle: true, s3Url: http://REPLACE_S3URL} volumeSnapshotLocation: - name: default From 7e96b33b859a8dcaababe87a1300c486ff1e6078 Mon Sep 17 00:00:00 2001 From: Rishabh Raj <120644626+rishabhatdell@users.noreply.github.com> Date: Wed, 25 Sep 2024 13:08:45 +0530 Subject: [PATCH 12/33] Update storage_csm_unity_v2111.yaml --- samples/ocp/1.6.1/storage_csm_unity_v2111.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml index 735a96a65..0a79854b1 100644 --- a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml +++ b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml @@ -24,7 +24,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - image: "registry.connect.redhat.com/dell-emc/csi-unity@" + image: "registry.connect.redhat.com/dell-emc/csi-unity@sha256:7f2abaf2c6dd92abc2824f4adc0aac929844452692e9c99cd7cdb99df1f7e129" imagePullPolicy: IfNotPresent envs: # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. From 44e03f1ba0bfaf76ba5aeff6f271b0330c783047 Mon Sep 17 00:00:00 2001 From: ChristianAtDell <110482953+ChristianAtDell@users.noreply.github.com> Date: Wed, 25 Sep 2024 15:46:19 -0500 Subject: [PATCH 13/33] Added necessary YAML and added scenario flags (#704) --- tests/e2e/go.mod | 28 +-- tests/e2e/go.sum | 29 +++ tests/e2e/testfiles/scenarios.yaml | 4 +- .../storage_csm_powerflex_replica.yaml | 224 ++++++++++++++++++ 4 files changed, 270 insertions(+), 15 deletions(-) create mode 100644 tests/e2e/testfiles/storage_csm_powerflex_replica.yaml diff --git a/tests/e2e/go.mod b/tests/e2e/go.mod index 102b5ce1c..370680412 100644 --- a/tests/e2e/go.mod +++ b/tests/e2e/go.mod @@ -4,9 +4,9 @@ go 1.22 require ( github.com/dell/csm-operator v0.0.0 - github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 - golang.org/x/mod v0.18.0 + github.com/onsi/ginkgo/v2 v2.20.2 + github.com/onsi/gomega v1.34.1 + golang.org/x/mod v0.20.0 k8s.io/api v0.28.9 k8s.io/apimachinery v0.28.9 k8s.io/client-go v0.28.9 @@ -34,7 +34,7 @@ require ( github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -47,7 +47,7 @@ require ( github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect + github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect github.com/google/uuid v1.3.1 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect @@ -85,22 +85,22 @@ require ( go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect - golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.11.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.24.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.24.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/grpc v1.59.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum index 17d15ccd1..3b584de68 100644 --- a/tests/e2e/go.sum +++ b/tests/e2e/go.sum @@ -52,6 +52,8 @@ github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= @@ -91,6 +93,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= @@ -136,10 +140,15 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= +github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -231,12 +240,18 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f h1:Al51T6tzvuh3oiwX11vex3QgJ2XTedFPGmbEVh8cdoc= golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -244,6 +259,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -252,19 +269,27 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -273,6 +298,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -291,6 +318,8 @@ google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index 147670e6c..8332a7b7a 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -897,6 +897,7 @@ paths: - "testfiles/storage_csm_powerflex_observability_custom_cert.yaml" tags: + - "powerflex" - "observability" steps: - "Given an environment with k8s or openshift, and CSM operator installed" @@ -915,6 +916,7 @@ paths: - "testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml" tags: + - "powerflex" - "observability" steps: - "Given an environment with k8s or openshift, and CSM operator installed" @@ -1054,7 +1056,7 @@ tags: - "authorizationproxyserver" - "authorization" - # - "powerflex" + - "powerflex" - "observability" steps: - "Given an environment with k8s or openshift, and CSM operator installed" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml new file mode 100644 index 000000000..7b7f5b247 --- /dev/null +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml @@ -0,0 +1,224 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: test-vxflexos + namespace: test-vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.11.0 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-vxflexos:nightly" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: "false" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + sideCars: + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: dellemc/sdc:4.5.2.1 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.x.x.x,10.x.x.x" # provide MDM value + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + # - name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # "controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/control-plane: "" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval + # false: disable SDC approval + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # X_CSI_RENAME_SDC_PREFIX: defines a string for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + # Examples: + # node-role.kubernetes.io/control-plane: "" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + initContainers: + - image: dellemc/sdc:4.5.2.1 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.x.x.x,10.x.x.x" # provide MDM value + modules: + # Replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: true + configVersion: v1.9.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:nightly + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:nightly + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 \ No newline at end of file From 7d0ba03fff44b1f4e222d91d9007230e2f266e38 Mon Sep 17 00:00:00 2001 From: Fernando Alfaro Campos Date: Wed, 25 Sep 2024 16:54:47 -0400 Subject: [PATCH 14/33] Powerscale E2E Test Fixes (#705) * Add Powerscale port variable * Template auth variables * Update go files * Add Powerscale port variable handling * Fix scenarios for PowerScale * Update powerscale template files --- tests/e2e/go.sum | 29 ----------------- tests/e2e/steps/steps_def.go | 30 +++++++++++------ .../karavi-authorization-config.json | 4 +-- .../powerscale-auth-secret-template.yaml | 8 +++-- .../powerscale-secret-template.yaml | 2 +- tests/e2e/testfiles/scenarios.yaml | 32 +++++++++++++------ .../e2e/testfiles/storage_csm_powerscale.yaml | 23 +++++++++++++ .../storage_csm_powerscale_auth.yaml | 10 +++++- .../storage_csm_powerscale_resiliency.yaml | 17 ---------- 9 files changed, 82 insertions(+), 73 deletions(-) diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum index 3b584de68..e3359b611 100644 --- a/tests/e2e/go.sum +++ b/tests/e2e/go.sum @@ -50,8 +50,6 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -91,8 +89,6 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= @@ -140,13 +136,8 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -238,18 +229,12 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= -golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f h1:Al51T6tzvuh3oiwX11vex3QgJ2XTedFPGmbEVh8cdoc= -golang.org/x/exp v0.0.0-20221028150844-83b7d23a625f/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -257,8 +242,6 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= @@ -267,27 +250,19 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= @@ -296,8 +271,6 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -316,8 +289,6 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/tests/e2e/steps/steps_def.go b/tests/e2e/steps/steps_def.go index f41887527..bda25653a 100644 --- a/tests/e2e/steps/steps_def.go +++ b/tests/e2e/steps/steps_def.go @@ -53,9 +53,9 @@ var ( quotaLimit = "30000000" pflexSecretMap = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_PASS": "PFLEX_PASS", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_MDM": "PFLEX_MDM", "REPLACE_POOL": "PFLEX_POOL"} pflexAuthSecretMap = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_AUTH_ENDPOINT", "REPLACE_MDM": "PFLEX_MDM"} - pscaleSecretMap = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT"} - pscaleAuthSecretMap = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_PORT": "PSCALE_AUTH_PORT", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT"} - pscaleAuthSidecarMap = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_PORT": "PSCALE_AUTH_PORT"} + pscaleSecretMap = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_PORT": "PSCALE_PORT"} + pscaleAuthSecretMap = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_AUTH_PORT": "PSCALE_AUTH_PORT", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_PORT": "PSCALE_PORT"} + pscaleAuthSidecarMap = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PSCALE_AUTH_ENDPOINT", "REPLACE_AUTH_PORT": "PSCALE_AUTH_PORT", "REPLACE_PORT": "PSCALE_PORT"} pflexAuthSidecarMap = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_PASS": "PFLEX_PASS", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PFLEX_AUTH_ENDPOINT"} pmaxCredMap = map[string]string{"REPLACE_USER": "PMAX_USER_ENCODED", "REPLACE_PASS": "PMAX_PASS_ENCODED"} pmaxAuthSidecarMap = map[string]string{"REPLACE_SYSTEMID": "PMAX_SYSTEMID", "REPLACE_ENDPOINT": "PMAX_ENDPOINT", "REPLACE_AUTH_ENDPOINT": "PMAX_AUTH_ENDPOINT"} @@ -67,7 +67,7 @@ var ( pflexCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PFLEX_STORAGE", "REPLACE_STORAGE_TYPE": "PFLEX_STORAGE", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_SYSTEM_ID": "PFLEX_SYSTEMID", "REPLACE_VAULT_STORAGE_PATH": "PFLEX_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PFLEX_ROLE", "REPLACE_QUOTA": "PFLEX_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PFLEX_POOL", "REPLACE_TENANT_NAME": "PFLEX_TENANT", "REPLACE_TENANT_ROLES": "PFLEX_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PFLEX_TENANT_PREFIX"} // Auth V2 - pscaleCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PSCALE_STORAGE", "REPLACE_STORAGE_TYPE": "PSCALE_STORAGE", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_SYSTEM_ID": "PSCALE_CLUSTER", "REPLACE_VAULT_STORAGE_PATH": "PSCALE_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PSCALE_ROLE", "REPLACE_QUOTA": "PSCALE_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PSCALE_POOL_V2", "REPLACE_TENANT_NAME": "PSCALE_TENANT", "REPLACE_TENANT_ROLES": "PSCALE_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PSCALE_TENANT_PREFIX"} + pscaleCrMap = map[string]string{"REPLACE_STORAGE_NAME": "PSCALE_STORAGE", "REPLACE_STORAGE_TYPE": "PSCALE_STORAGE", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_SYSTEM_ID": "PSCALE_CLUSTER", "REPLACE_VAULT_STORAGE_PATH": "PSCALE_VAULT_STORAGE_PATH", "REPLACE_ROLE_NAME": "PSCALE_ROLE", "REPLACE_QUOTA": "PSCALE_QUOTA", "REPLACE_STORAGE_POOL_PATH": "PSCALE_POOL_V2", "REPLACE_TENANT_NAME": "PSCALE_TENANT", "REPLACE_TENANT_ROLES": "PSCALE_ROLE", "REPLACE_TENANT_VOLUME_PREFIX": "PSCALE_TENANT_PREFIX", "REPLACE_PORT": "PSCALE_PORT"} pstoreSecretMap = map[string]string{"REPLACE_USER": "PSTORE_USER", "REPLACE_PASS": "PSTORE_PASS", "REPLACE_GLOBALID": "PSTORE_GLOBALID", "REPLACE_ENDPOINT": "PSTORE_ENDPOINT"} ) @@ -328,7 +328,7 @@ func (step *Step) deleteCustomResource(res Resource, crNumStr string) error { func (step *Step) validateCustomResourceStatus(res Resource, crNumStr string) error { crNum, _ := strconv.Atoi(crNumStr) cr := res.CustomResource[crNum-1] - time.Sleep(60 * time.Second) + time.Sleep(20 * time.Second) found := new(csmv1.ContainerStorageModule) err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{ Namespace: cr.Namespace, @@ -346,13 +346,13 @@ func (step *Step) validateCustomResourceStatus(res Resource, crNumStr string) er func (step *Step) validateDriverInstalled(res Resource, driverName string, crNumStr string) error { crNum, _ := strconv.Atoi(crNumStr) - time.Sleep(60 * time.Second) + time.Sleep(20 * time.Second) return checkAllRunningPods(context.TODO(), res.CustomResource[crNum-1].Namespace, step.clientSet) } func (step *Step) validateDriverNotInstalled(res Resource, driverName string, crNumStr string) error { crNum, _ := strconv.Atoi(crNumStr) - time.Sleep(60 * time.Second) + time.Sleep(20 * time.Second) return checkNoRunningPods(context.TODO(), res.CustomResource[crNum-1].Namespace, step.clientSet) } @@ -379,7 +379,7 @@ func (step *Step) removeNodeLabel(res Resource, label string) error { func (step *Step) validateModuleInstalled(res Resource, module string, crNumStr string) error { crNum, _ := strconv.Atoi(crNumStr) cr := res.CustomResource[crNum-1] - time.Sleep(60 * time.Second) + time.Sleep(20 * time.Second) found := new(csmv1.ContainerStorageModule) if err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{ Namespace: cr.Namespace, @@ -424,7 +424,7 @@ func (step *Step) validateModuleInstalled(res Resource, module string, crNumStr func (step *Step) validateModuleNotInstalled(res Resource, module string, crNumStr string) error { crNum, _ := strconv.Atoi(crNumStr) cr := res.CustomResource[crNum-1] - time.Sleep(60 * time.Second) + time.Sleep(20 * time.Second) found := new(csmv1.ContainerStorageModule) if err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{ Namespace: cr.Namespace, @@ -889,7 +889,7 @@ func (step *Step) runCustomTest(res Resource) error { func (step *Step) enableModule(res Resource, module string, crNumStr string) error { crNum, _ := strconv.Atoi(crNumStr) cr := res.CustomResource[crNum-1] - time.Sleep(60 * time.Second) + time.Sleep(20 * time.Second) found := new(csmv1.ContainerStorageModule) if err := step.ctrlClient.Get(context.TODO(), client.ObjectKey{ Namespace: cr.Namespace, @@ -1303,6 +1303,16 @@ func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost, // get env variables if os.Getenv(endpointvar) != "" { endpoint = os.Getenv(endpointvar) + + if driver == "powerscale" { + port := os.Getenv("PSCALE_PORT") + if port == "" { + fmt.Println("=== PSCALE_PORT not set, using default port 8080 ===") + port = "8080" + } + + endpoint = endpoint + ":" + port + } } if os.Getenv(systemIdvar) != "" { sysID = os.Getenv(systemIdvar) diff --git a/tests/e2e/testfiles/powerscale-templates/karavi-authorization-config.json b/tests/e2e/testfiles/powerscale-templates/karavi-authorization-config.json index db4954d1b..3fbb297d9 100644 --- a/tests/e2e/testfiles/powerscale-templates/karavi-authorization-config.json +++ b/tests/e2e/testfiles/powerscale-templates/karavi-authorization-config.json @@ -1,8 +1,8 @@ [{ "username":"-", "password":"-", - "intendedEndpoint":"https://REPLACE_ENDPOINT", - "endpoint":"https://REPLACE_AUTH_ENDPOINT:REPLACE_PORT", + "intendedEndpoint":"https://REPLACE_ENDPOINT:REPLACE_PORT", + "endpoint":"https://REPLACE_AUTH_ENDPOINT:REPLACE_AUTH_PORT", "systemID": "REPLACE_CLUSTERNAME", "insecure":true, "isDefault":true diff --git a/tests/e2e/testfiles/powerscale-templates/powerscale-auth-secret-template.yaml b/tests/e2e/testfiles/powerscale-templates/powerscale-auth-secret-template.yaml index e442ca485..ff6675556 100644 --- a/tests/e2e/testfiles/powerscale-templates/powerscale-auth-secret-template.yaml +++ b/tests/e2e/testfiles/powerscale-templates/powerscale-auth-secret-template.yaml @@ -1,9 +1,11 @@ isilonClusters: - clusterName: "REPLACE_CLUSTERNAME" - username: "REPLACE_USER" - password: "REPLACE_PASS" + username: "-" + password: "-" isDefault: true endpoint: "REPLACE_AUTH_ENDPOINT" - endpointPort: "REPLACE_PORT" + endpointPort: REPLACE_AUTH_PORT skipCertificateValidation: true mountEndpoint: "REPLACE_ENDPOINT" + isiPath: "/ifs/data/csi" + isiVolumePathPermissions: "0777" diff --git a/tests/e2e/testfiles/powerscale-templates/powerscale-secret-template.yaml b/tests/e2e/testfiles/powerscale-templates/powerscale-secret-template.yaml index 7d04acbe5..95e0132a5 100644 --- a/tests/e2e/testfiles/powerscale-templates/powerscale-secret-template.yaml +++ b/tests/e2e/testfiles/powerscale-templates/powerscale-secret-template.yaml @@ -5,4 +5,4 @@ isilonClusters: isDefault: true endpoint: "REPLACE_ENDPOINT" skipCertificateValidation: true - endpointPort: 8080 + endpointPort: "REPLACE_PORT" diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index 8332a7b7a..10884e226 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -263,7 +263,7 @@ - scenario: "Install PowerScale Driver(With Authorization V1)" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" + - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale_auth.yaml" tags: - "authorizationproxyserver" @@ -367,13 +367,12 @@ - scenario: "Install PowerScale Driver, Enable/Disable Authorization V1 module" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" + - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale.yaml" tags: - "authorizationproxyserver" - "authorization" - "powerscale" - # - "sanity" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - "Create [authorization-proxy-server] prerequisites from CR [1]" @@ -387,13 +386,14 @@ - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is not installed" - "Enable [authorization] module from CR [2]" + - "Set up secret with template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] name [isilon-creds-auth] in namespace [isilon] for [pscaleAuth]" - "Set secret for driver from CR [2] to [isilon-creds-auth]" - "Set up secret with template [testfiles/powerscale-templates/karavi-authorization-config.json] name [karavi-authorization-config] in namespace [isilon] for [pscaleAuthSidecar]" - "Set up secret with template [testfiles/authorization-templates/rootCertificate.pem] name [proxy-server-root-certificate] in namespace [isilon] for [authSidecarCert]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" - - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds-auth] in namespace [isilon] for [pscale]" - "Disable [authorization] module from CR [2]" + - "Set secret for driver from CR [2] to [isilon-creds]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is not installed" # cleanup @@ -403,6 +403,8 @@ - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - "Restore template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] for [pscaleAuth]" - "Restore template [testfiles/powerscale-templates/karavi-authorization-config.json] for [pscaleAuthSidecar]" + - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" + - "Restore template [testfiles/powerscale-templates/rootCertificate.pem] for [authSidecarCert]" - scenario: "Install PowerScale Driver(With Observability)" paths: @@ -435,6 +437,7 @@ - "observability" steps: - "Given an environment with k8s or openshift, and CSM operator installed" + - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powerscale] driver from CR [1] is installed" @@ -449,6 +452,7 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" + - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - scenario: "Install PowerScale Driver(With Observability and Custom Certs)" paths: @@ -478,7 +482,6 @@ - "authorization" - "powerscale" - "observability" - # - "sanity" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - "Create [authorization-proxy-server] prerequisites from CR [1]" @@ -534,6 +537,7 @@ - "Set secret for driver from CR [2] to [isilon-creds-auth]" - "Set up secret with template [testfiles/powerscale-templates/karavi-authorization-config.json] name [karavi-authorization-config] in namespace [isilon] for [pscaleAuthSidecar]" - "Set up secret with template [testfiles/authorization-templates/rootCertificate.pem] name [proxy-server-root-certificate] in namespace [isilon] for [authSidecarCert]" + - "Set up secret with template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] name [isilon-creds-auth] in namespace [isilon] for [pscaleAuth]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" - "Validate [observability] module from CR [2] is not installed" @@ -547,8 +551,10 @@ - "Delete custom resource [1]" - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - "Restore template [testfiles/powerscale-templates/karavi-authorization-config.json] for [pscaleAuthSidecar]" + - "Restore template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] for [pscaleAuth]" + - "Restore template [testfiles/authorization-templates/rootCertificate.pem] for [authSidecarCert]" -- scenario: "Install PowerScale Driver(With Authorization V1 and Observability), Disable Authorization module, Disable Observability module" +- scenario: "Install PowerScale Driver(With Authorization V1 and Observability), Disable Observability module, Disable Authorization module" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale_observability_auth.yaml" @@ -572,14 +578,15 @@ - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is installed" - "Validate [observability] module from CR [2] is installed" + - "Disable [observability] module from CR [2]" + - "Validate [powerscale] driver from CR [2] is installed" + - "Validate [authorization] module from CR [2] is installed" + - "Validate [observability] module from CR [2] is not installed" - "Disable [authorization] module from CR [2]" + - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - "Set secret for driver from CR [2] to [isilon-creds]" - "Validate [powerscale] driver from CR [2] is installed" - "Validate [authorization] module from CR [2] is not installed" - - "Validate [observability] module from CR [2] is installed" - - "Disable [observability] module from CR [2]" - - "Validate [powerscale] driver from CR [2] is installed" - - "Validate [authorization] module from CR [2] is not installed" - "Validate [observability] module from CR [2] is not installed" - "Run custom test" # cleanup @@ -590,6 +597,7 @@ - "Restore template [testfiles/powerscale-templates/powerscale-auth-secret-template.yaml] for [pscaleAuth]" - "Restore template [testfiles/powerscale-templates/karavi-authorization-config.json] for [pscaleAuthSidecar]" - "Restore template [testfiles/authorization-templates/rootCertificate.pem] for [authSidecarCert]" + - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" customTest: name: Cert CSI run: @@ -1183,6 +1191,7 @@ - "resiliency" steps: - "Given an environment with k8s or openshift, and CSM operator installed" + - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powerscale] driver from CR [1] is installed" @@ -1191,6 +1200,7 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" + - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" customTest: name: CustomTest run: @@ -1205,6 +1215,7 @@ - "sanity" steps: - "Given an environment with k8s or openshift, and CSM operator installed" + - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powerscale] driver from CR [1] is installed" @@ -1218,6 +1229,7 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" + - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - scenario: "Install PowerScale Driver and PowerFlex Driver, uninstall PowerFlex Driver" paths: diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index e1172fd30..953f7b7d2 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -312,6 +312,14 @@ spec: # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string image: dellemc/csm-topology:v1.9.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -324,12 +332,27 @@ spec: # image: Defines otel-collector image. This shouldn't be changed # Allowed values: string image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" envs: # image of nginx proxy image # Allowed values: string # Default value: "nginxinc/nginx-unprivileged:1.20" - name: "NGINX_PROXY_IMAGE" value: "nginxinc/nginx-unprivileged:1.20" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: false - name: metrics-powerscale # enabled: Enable/Disable PowerScale metrics enabled: false diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index 99a1154c7..6176b4436 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -16,6 +16,7 @@ spec: replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: true + forceRemoveDriver: true common: image: "dellemc/csi-isilon:nightly" imagePullPolicy: IfNotPresent @@ -33,7 +34,7 @@ spec: # Allowed value: valid port number # Default value: 8080 - name: X_CSI_ISI_PORT - value: "" + value: "8080" # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. # This value acts as a default value for isiPath, if not specified for a cluster config in secret # Ensure that this path exists on PowerScale cluster. @@ -65,6 +66,13 @@ spec: # Default value: true - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION value: "true" + # X_CSI_ISI_AUTH_TYPE: Specify the authentication method to be used. + # Allowed values: + # 0: basic authentication + # 1: session-based authentication + # Default value: 0 + - name: X_CSI_ISI_AUTH_TYPE + value: "1" # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: # has to be used for making connection to backend PowerScale Array. # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. diff --git a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml index 5409ef5bb..badf06f20 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml @@ -293,20 +293,3 @@ spec: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: isilon-config-params - namespace: isilon -data: - driver-config-params.yaml: | - CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "TEXT" - PODMON_CONTROLLER_LOG_LEVEL: "debug" - PODMON_CONTROLLER_LOG_FORMAT: "TEXT" - PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" -spec: - driver: - configVersion: v2.11.0 From 39e15abc4c95f12d7ce1e5ef9b738637185530a8 Mon Sep 17 00:00:00 2001 From: Rishabh Raj <120644626+rishabhatdell@users.noreply.github.com> Date: Thu, 26 Sep 2024 12:23:27 +0530 Subject: [PATCH 15/33] Update storage_csm_powerflex_replica.yaml --- tests/e2e/testfiles/storage_csm_powerflex_replica.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml index 7b7f5b247..b72bc7d2b 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml @@ -221,4 +221,5 @@ spec: - name: dell-replication-controller-init # image: Defines replication init container image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 \ No newline at end of file + image: dellemc/dell-replication-init:v1.0.0 + From ca89db92d4f9335f1b7e52e38a222dd16f2718df Mon Sep 17 00:00:00 2001 From: Rishabh Raj Date: Thu, 26 Sep 2024 07:00:08 +0000 Subject: [PATCH 16/33] fixed yaml lint errors --- tests/e2e/testfiles/storage_csm_powerflex_replica.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml index b72bc7d2b..b863ec6ed 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml @@ -222,4 +222,3 @@ spec: # image: Defines replication init container image. This shouldn't be changed # Allowed values: string image: dellemc/dell-replication-init:v1.0.0 - From 5029b0eebce2fa25206971d8a5948fff52480705 Mon Sep 17 00:00:00 2001 From: Akshay Saini <109056238+AkshaySainiDell@users.noreply.github.com> Date: Thu, 26 Sep 2024 07:16:49 -0500 Subject: [PATCH 17/33] Fix pmaxCreds not set correctly in e2e (#706) * Fix pmaxCreds not set correctly in e2e * Update scenarios.yaml --- tests/e2e/testfiles/scenarios.yaml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index 10884e226..4332d8b2f 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -1555,6 +1555,7 @@ steps: - "Given an environment with k8s or openshift, and CSM operator installed" - "Create storageclass with name [powermax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" + - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmaxCreds]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powermax] driver from CR [1] is installed" @@ -1562,6 +1563,8 @@ # Last two steps perform Clean Up - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" + - "Restore template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" + - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" customTest: name: Cert CSI run: @@ -1575,7 +1578,7 @@ steps: - "Given an environment with k8s or openshift, and CSM operator installed" - "Create storageclass with name [powermax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - - "Set up secret with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmax]" + - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmaxCreds]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powermax] driver from CR [1] is installed" @@ -1583,8 +1586,8 @@ # Last two steps perform Clean Up - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" - - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmax]" - - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmax]" + - "Restore template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" + - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" customTest: name: Cert CSI run: @@ -1599,7 +1602,7 @@ steps: - "Given an environment with k8s or openshift, and CSM operator installed" - "Create storageclass with name [op-e2e-pmax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - - "Set up secret with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmax]" + - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmaxCreds]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powermax] driver from CR [1] is installed" @@ -1607,8 +1610,8 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" - - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmax]" - - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmax]" + - "Restore template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" + - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" - scenario: "Install PowerMax Driver (With Auth module)" paths: @@ -1637,6 +1640,7 @@ - "Enable forceRemoveDriver on CR [2]" - "Delete custom resource [2]" - "Delete custom resource [1]" + - "Restore template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - "Restore template [testfiles/powermax-templates/csm-authorization-config.json] for [pmaxAuthSidecar]" - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" - "Restore template [testfiles/powermax-templates/powermax_reverse_proxy_config.yaml] for [pmaxReverseProxy]" From 40c00131725e520111386f0bf7990fcf60fff84b Mon Sep 17 00:00:00 2001 From: JacobGros Date: Thu, 26 Sep 2024 16:27:01 -0400 Subject: [PATCH 18/33] Revert "fixed yaml lint errors" This reverts commit ca89db92d4f9335f1b7e52e38a222dd16f2718df. --- tests/e2e/testfiles/storage_csm_powerflex_replica.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml index b863ec6ed..b72bc7d2b 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml @@ -222,3 +222,4 @@ spec: # image: Defines replication init container image. This shouldn't be changed # Allowed values: string image: dellemc/dell-replication-init:v1.0.0 + From ff9f05003b6c5534987ad54b393dee46b0b6e50d Mon Sep 17 00:00:00 2001 From: JacobGros Date: Thu, 26 Sep 2024 16:27:26 -0400 Subject: [PATCH 19/33] Revert "yamllint fixes" This reverts commit e7839735c6957bdf370a08949edd20328c9d0ba3. --- operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml | 2 +- .../testfiles/application-mobility-templates/velero-values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml index f18eb6b7f..0e7dc16bb 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml index 31aab1e4b..0bd3f9acb 100644 --- a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml @@ -34,7 +34,7 @@ configuration: bucket: REPLACE_BUCKET_NAME default: true config: - {region: minio, s3ForcePathStyle: true, s3Url: http://REPLACE_S3URL} + { region: minio, s3ForcePathStyle: true, s3Url: http://REPLACE_S3URL } volumeSnapshotLocation: - name: default From 8817b28a78c6bfd7b87791420ee9a7dabe7fcfc7 Mon Sep 17 00:00:00 2001 From: JacobGros Date: Thu, 26 Sep 2024 16:27:38 -0400 Subject: [PATCH 20/33] Revert "yamllint fixes" This reverts commit 8591919549d18c5e7d7582d7bdfd0fd96da359bc. --- operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml | 2 +- operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml | 2 +- operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml | 2 +- .../moduleconfig/authorization/v2.0.0-alpha/policies.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml index f18eb6b7f..0e7dc16bb 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml index f18eb6b7f..0e7dc16bb 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml index f18eb6b7f..0e7dc16bb 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml index 4f12026db..ff1ac70a9 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/policies.yaml @@ -96,7 +96,7 @@ data: default claims = {} claims = input.claims - deny[msg] { + deny[msg] { claims == {} msg := sprintf("missing claims", []) } From 7c0ad3fb58b528f6618bdf237661a7e1110c4f29 Mon Sep 17 00:00:00 2001 From: JacobGros Date: Thu, 26 Sep 2024 16:27:52 -0400 Subject: [PATCH 21/33] Revert "yamllint fixes" This reverts commit d919c7065890b54e07e438c773910ed88cbd6c02. --- .github/workflows/actions.yml | 12 +- ...er-manager-metrics-service_v1_service.yaml | 8 +- ...ole_rbac.authorization.k8s.io_v1_role.yaml | 62 +- ...c.authorization.k8s.io_v1_rolebinding.yaml | 6 +- ...c.authorization.k8s.io_v1_clusterrole.yaml | 8 +- ...c.authorization.k8s.io_v1_clusterrole.yaml | 24 +- ...rization.k8s.io_v1_clusterrolebinding.yaml | 6 +- ...ll-csm-operator.clusterserviceversion.yaml | 6696 ++++++++--------- ...rage.dell.com_apexconnectivityclients.yaml | 1445 ++-- ...rage.dell.com_containerstoragemodules.yaml | 3438 ++++----- bundle/tests/scorecard/config.yaml | 124 +- ...rage.dell.com_apexconnectivityclients.yaml | 1901 +++-- ...rage.dell.com_containerstoragemodules.yaml | 3438 ++++----- config/crd/kustomization.yaml | 6 +- config/crd/kustomizeconfig.yaml | 24 +- config/crd/patches/webhook_in_csms.yaml | 2 +- config/default/kustomization.yaml | 16 +- config/default/manager_auth_proxy_patch.yaml | 32 +- config/default/manager_config_patch.yaml | 20 +- config/install/kustomization.yaml | 6 +- config/manager/kustomization.yaml | 14 +- config/manager/manager.yaml | 166 +- ...ll-csm-operator.clusterserviceversion.yaml | 4190 +++++------ config/manifests/kustomization.yaml | 9 +- config/prometheus/kustomization.yaml | 2 +- config/prometheus/monitor.yaml | 1 + .../application_mobility_clusterrole.yaml | 12 +- .../application_mobility_role_binding.yaml | 6 +- .../rbac/auth_proxy_client_clusterrole.yaml | 8 +- config/rbac/auth_proxy_role.yaml | 24 +- config/rbac/auth_proxy_role_binding.yaml | 6 +- config/rbac/auth_proxy_service.yaml | 8 +- config/rbac/csm_editor_role.yaml | 36 +- config/rbac/csm_viewer_role.yaml | 28 +- config/rbac/kustomization.yaml | 36 +- config/rbac/leader_election_role.yaml | 62 +- config/rbac/leader_election_role_binding.yaml | 6 +- config/rbac/role.yaml | 2270 +++--- config/rbac/role_binding.yaml | 6 +- config/samples/kustomization.yaml | 2 +- config/samples/storage_v1_csm_powerstore.yaml | 2 +- config/samples/storage_v1_csm_unity.yaml | 6 +- config/scorecard/bases/config.yaml | 4 +- config/scorecard/kustomization.yaml | 26 +- config/scorecard/patches/basic.config.yaml | 4 +- config/scorecard/patches/olm.config.yaml | 20 +- config/serviceaccount/kustomization.yaml | 2 +- deploy/crds/storage.dell.com.crds.all.yaml | 4582 +++++------ deploy/operator.yaml | 2574 +++---- .../v1.0.0/brownfield-onboard.yaml | 2 +- .../v1.0.0/statefulset.yaml | 8 +- .../v1.0.0/upgrade-path.yaml | 2 +- .../v1.1.0/brownfield-onboard.yaml | 2 +- .../v1.1.0/statefulset.yaml | 8 +- .../powerflex/v2.10.0/controller.yaml | 24 +- .../powerflex/v2.10.0/csidriver.yaml | 14 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.0/node.yaml | 8 +- .../powerflex/v2.10.1/controller.yaml | 24 +- .../powerflex/v2.10.1/csidriver.yaml | 14 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.1/node.yaml | 8 +- .../powerflex/v2.11.0/csidriver.yaml | 14 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../powerflex/v2.9.0/controller.yaml | 24 +- .../powerflex/v2.9.0/csidriver.yaml | 14 +- .../v2.9.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.9.0/node.yaml | 8 +- .../powerflex/v2.9.1/controller.yaml | 24 +- .../powerflex/v2.9.1/csidriver.yaml | 14 +- .../driverconfig/powerflex/v2.9.1/node.yaml | 8 +- .../powerflex/v2.9.2/controller.yaml | 24 +- .../powerflex/v2.9.2/csidriver.yaml | 14 +- .../v2.9.2/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.9.2/node.yaml | 8 +- .../powermax/v2.10.0/controller.yaml | 24 +- .../powermax/v2.10.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.0/node.yaml | 14 +- .../powermax/v2.10.1/controller.yaml | 24 +- .../powermax/v2.10.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.1/node.yaml | 14 +- .../powermax/v2.11.0/csidriver.yaml | 14 +- .../powermax/v2.9.0/controller.yaml | 24 +- .../powermax/v2.9.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.9.0/node.yaml | 14 +- .../powermax/v2.9.1/controller.yaml | 24 +- .../powermax/v2.9.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.9.1/node.yaml | 14 +- .../powerscale/v2.10.0/controller.yaml | 24 +- .../powerscale/v2.10.0/csidriver.yaml | 12 +- .../v2.10.0/driver-config-params.yaml | 1 + .../driverconfig/powerscale/v2.10.0/node.yaml | 10 +- .../powerscale/v2.10.1/controller.yaml | 24 +- .../powerscale/v2.10.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.10.1/node.yaml | 10 +- .../powerscale/v2.11.0/controller.yaml | 2 +- .../powerscale/v2.11.0/csidriver.yaml | 12 +- .../v2.11.0/driver-config-params.yaml | 1 + .../powerscale/v2.9.0/controller.yaml | 24 +- .../powerscale/v2.9.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.0/node.yaml | 10 +- .../powerscale/v2.9.1/controller.yaml | 24 +- .../powerscale/v2.9.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.1/node.yaml | 10 +- .../powerstore/v2.10.0/controller.yaml | 21 +- .../powerstore/v2.10.0/csidriver.yaml | 2 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.0/node.yaml | 4 +- .../powerstore/v2.10.1/controller.yaml | 21 +- .../powerstore/v2.10.1/csidriver.yaml | 2 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.1/node.yaml | 4 +- .../powerstore/v2.11.0/controller.yaml | 3 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../powerstore/v2.11.1/controller.yaml | 3 +- .../v2.11.1/driver-config-params.yaml | 2 +- .../powerstore/v2.9.0/controller.yaml | 21 +- .../powerstore/v2.9.0/csidriver.yaml | 2 +- .../v2.9.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.9.0/node.yaml | 4 +- .../powerstore/v2.9.0/upgrade-path.yaml | 2 +- .../powerstore/v2.9.1/controller.yaml | 21 +- .../powerstore/v2.9.1/csidriver.yaml | 2 +- .../v2.9.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.9.1/node.yaml | 4 +- .../unity/v2.10.0/controller.yaml | 26 +- .../driverconfig/unity/v2.10.0/csidriver.yaml | 16 +- .../unity/v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/unity/v2.10.0/node.yaml | 6 +- .../unity/v2.10.1/controller.yaml | 26 +- .../driverconfig/unity/v2.10.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.10.1/node.yaml | 6 +- .../driverconfig/unity/v2.11.0/csidriver.yaml | 16 +- .../unity/v2.11.0/driver-config-params.yaml | 2 +- .../driverconfig/unity/v2.11.1/csidriver.yaml | 16 +- .../unity/v2.11.1/driver-config-params.yaml | 2 +- .../driverconfig/unity/v2.9.0/controller.yaml | 26 +- .../driverconfig/unity/v2.9.0/csidriver.yaml | 16 +- .../driverconfig/unity/v2.9.0/node.yaml | 6 +- .../unity/v2.9.0/upgrade-path.yaml | 2 +- .../driverconfig/unity/v2.9.1/controller.yaml | 26 +- .../driverconfig/unity/v2.9.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.9.1/node.yaml | 6 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.0/app-mobility-crds.yaml | 1245 ++- .../v1.0.0/app-mobility-webhook-service.yaml | 136 +- .../v1.0.0/certificate.yaml | 6 +- .../v1.0.0/velero-backupstoragelocation.yaml | 8 +- .../v1.0.0/velero-crds.yaml | 4891 ++++++------ .../v1.0.0/velero-deployment.yaml | 22 +- .../v1.0.0/velero-secret.yaml | 2 +- .../v1.0.0/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.1/app-mobility-crds.yaml | 1245 ++- .../v1.0.1/app-mobility-webhook-service.yaml | 136 +- .../v1.0.1/certificate.yaml | 6 +- .../v1.0.1/velero-backupstoragelocation.yaml | 8 +- .../v1.0.1/velero-crds.yaml | 4891 ++++++------ .../v1.0.1/velero-deployment.yaml | 22 +- .../v1.0.1/velero-secret.yaml | 2 +- .../v1.0.1/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.2/app-mobility-crds.yaml | 1245 ++- .../v1.0.2/app-mobility-webhook-service.yaml | 136 +- .../v1.0.2/certificate.yaml | 6 +- .../v1.0.2/velero-backupstoragelocation.yaml | 8 +- .../v1.0.2/velero-crds.yaml | 4891 ++++++------ .../v1.0.2/velero-deployment.yaml | 22 +- .../v1.0.2/velero-secret.yaml | 2 +- .../v1.0.2/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 50 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.0.3/app-mobility-crds.yaml | 1245 ++- .../v1.0.3/app-mobility-webhook-service.yaml | 136 +- .../v1.0.3/certificate.yaml | 6 +- .../v1.0.3/velero-backupstoragelocation.yaml | 8 +- .../v1.0.3/velero-crds.yaml | 4891 ++++++------ .../v1.0.3/velero-deployment.yaml | 22 +- .../v1.0.3/velero-secret.yaml | 2 +- .../v1.0.3/velero-volumesnapshotlocation.yaml | 4 +- ...ty-controller-manager-metrics-service.yaml | 16 +- .../app-mobility-controller-manager.yaml | 1034 +-- .../v1.1.0/app-mobility-crds.yaml | 1245 ++- .../v1.1.0/app-mobility-webhook-service.yaml | 86 +- .../v1.1.0/certificate.yaml | 6 +- .../v1.1.0/velero-backupstoragelocation.yaml | 8 +- .../v1.1.0/velero-crds.yaml | 5977 +++++++-------- .../v1.1.0/velero-deployment.yaml | 22 +- .../v1.1.0/velero-secret.yaml | 2 +- .../v1.1.0/velero-volumesnapshotlocation.yaml | 4 +- .../authorization/v1.10.0/cert-manager.yaml | 170 +- .../authorization/v1.10.0/deployment.yaml | 284 +- .../v1.10.0/local-provisioner.yaml | 4 +- .../v1.10.0/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.10.1/cert-manager.yaml | 170 +- .../authorization/v1.10.1/deployment.yaml | 284 +- .../v1.10.1/local-provisioner.yaml | 4 +- .../v1.10.1/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.11.0/cert-manager.yaml | 170 +- .../authorization/v1.11.0/deployment.yaml | 284 +- .../v1.11.0/local-provisioner.yaml | 4 +- .../v1.11.0/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.9.0/cert-manager.yaml | 170 +- .../authorization/v1.9.0/deployment.yaml | 286 +- .../v1.9.0/nginx-ingress-controller.yaml | 689 +- .../authorization/v1.9.1/cert-manager.yaml | 170 +- .../authorization/v1.9.1/deployment.yaml | 286 +- .../v1.9.1/nginx-ingress-controller.yaml | 689 +- .../v2.0.0-alpha/authorization-crds.yaml | 738 +- .../v2.0.0-alpha/cert-manager.yaml | 170 +- .../v2.0.0-alpha/deployment.yaml | 640 +- .../v2.0.0-alpha/local-provisioner.yaml | 2 +- .../nginx-ingress-controller.yaml | 688 +- .../moduleconfig/common/cert-manager.yaml | 187 +- .../common/cert-manager/cert-manager.yaml | 413 +- .../moduleconfig/common/version-values.yaml | 100 +- .../csireverseproxy/v2.8.1/container.yaml | 2 +- .../observability/v1.7.0/custom-cert.yaml | 8 +- .../v1.7.0/karavi-metrics-powerflex.yaml | 7 +- .../v1.7.0/karavi-metrics-powermax.yaml | 9 +- .../v1.7.0/karavi-metrics-powerscale.yaml | 9 +- .../v1.7.0/karavi-otel-collector.yaml | 13 +- .../observability/v1.7.0/karavi-topology.yaml | 5 + .../observability/v1.7.0/selfsigned-cert.yaml | 7 +- .../observability/v1.8.0/custom-cert.yaml | 8 +- .../v1.8.0/karavi-metrics-powerflex.yaml | 7 +- .../v1.8.0/karavi-metrics-powermax.yaml | 9 +- .../v1.8.0/karavi-metrics-powerscale.yaml | 9 +- .../v1.8.0/karavi-otel-collector.yaml | 13 +- .../observability/v1.8.0/karavi-topology.yaml | 5 + .../observability/v1.8.0/selfsigned-cert.yaml | 7 +- .../observability/v1.8.1/custom-cert.yaml | 8 +- .../v1.8.1/karavi-metrics-powerflex.yaml | 7 +- .../v1.8.1/karavi-metrics-powermax.yaml | 9 +- .../v1.8.1/karavi-metrics-powerscale.yaml | 9 +- .../v1.8.1/karavi-otel-collector.yaml | 13 +- .../observability/v1.8.1/karavi-topology.yaml | 5 + .../observability/v1.8.1/selfsigned-cert.yaml | 7 +- .../observability/v1.9.0/custom-cert.yaml | 8 +- .../v1.9.0/karavi-metrics-powerflex.yaml | 7 +- .../v1.9.0/karavi-metrics-powermax.yaml | 9 +- .../v1.9.0/karavi-metrics-powerscale.yaml | 9 +- .../v1.9.0/karavi-otel-collector.yaml | 13 +- .../observability/v1.9.0/karavi-topology.yaml | 5 + .../observability/v1.9.0/selfsigned-cert.yaml | 7 +- .../replication/v1.7.0/controller.yaml | 398 +- .../v1.7.0/replicationcrds.all.yaml | 411 +- .../replication/v1.7.0/rules.yaml | 18 +- .../replication/v1.7.1/controller.yaml | 398 +- .../v1.7.1/replicationcrds.all.yaml | 411 +- .../replication/v1.7.1/rules.yaml | 18 +- .../replication/v1.8.0/controller.yaml | 398 +- .../v1.8.0/replicationcrds.all.yaml | 411 +- .../replication/v1.8.0/rules.yaml | 18 +- .../replication/v1.8.1/controller.yaml | 398 +- .../v1.8.1/replicationcrds.all.yaml | 411 +- .../replication/v1.8.1/rules.yaml | 18 +- .../replication/v1.9.0/controller.yaml | 398 +- .../v1.9.0/replicationcrds.all.yaml | 411 +- .../replication/v1.9.0/rules.yaml | 18 +- .../container-powerflex-controller.yaml | 2 +- .../v1.10.0/container-powerflex-node.yaml | 2 +- .../v1.10.0/container-powermax-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.10.0/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.10.0/container-powerstore-node.yaml | 2 +- .../resiliency/v1.10.0/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.8.0/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.8.0/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.8.0/container-powerstore-node.yaml | 2 +- .../resiliency/v1.8.0/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.8.1/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.8.1/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.8.1/container-powerstore-node.yaml | 2 +- .../resiliency/v1.8.1/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.9.0/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.9.0/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.9.0/container-powerstore-node.yaml | 2 +- .../resiliency/v1.9.0/node-roles.yaml | 2 +- .../container-powerflex-controller.yaml | 2 +- .../v1.9.1/container-powerflex-node.yaml | 2 +- .../container-powerscale-controller.yaml | 2 +- .../v1.9.1/container-powerscale-node.yaml | 2 +- .../container-powerstore-controller.yaml | 2 +- .../v1.9.1/container-powerstore-node.yaml | 2 +- .../resiliency/v1.9.1/node-roles.yaml | 2 +- ...ty-controller-manager-metrics-service.yaml | 4 +- .../app-mobility-controller-manager.yaml | 4 +- .../v1.1.0/app-mobility-webhook-service.yaml | 4 +- .../testdata/cr_application_mobility.yaml | 4 +- ...cr_application_mobility_custom_region.yaml | 4 +- .../testdata/cr_powerflex_observability.yaml | 4 +- ...r_powerflex_observability_custom_cert.yaml | 4 +- ...observability_custom_cert_missing_key.yaml | 4 +- .../testdata/cr_powermax_resiliency.yaml | 1 + .../csm-authorization_csmtenant.yaml | 2 +- .../csm_authorization_proxy_server_v190.yaml | 108 +- .../csm_authorization_proxy_server_v191.yaml | 108 +- ...authorization_proxy_server_v200-alpha.yaml | 3 +- samples/csireverseproxy/config.yaml | 4 +- .../1.6.1/storage_csm_powerflex_v2110.yaml | 6 +- .../1.6.1/storage_csm_powerstore_v2111.yaml | 2 +- .../ocp/1.6.1/storage_csm_unity_v2111.yaml | 2 +- samples/storage_csm_powerflex_v2101.yaml | 123 +- samples/storage_csm_powermax_v2101.yaml | 146 +- samples/storage_csm_powermax_v291.yaml | 146 +- samples/storage_csm_powerscale_v2101.yaml | 272 +- samples/storage_csm_powerscale_v291.yaml | 272 +- .../apexconnectivityclient/v1.0.0/bad.yaml | 4 +- .../v1.0.0/statefulset.yaml | 12 +- .../apexconnectivityclient/v1.1.0/bad.yaml | 4 +- .../v1.1.0/statefulset.yaml | 12 +- .../clientconfig/badclient/badClient/bad.yaml | 4 +- .../clientconfig/badclient/statefulset.yaml | 4 +- .../badclient/v1.0.0/statefulset.yaml | 4 +- .../badclient/v1.1.0/statefulset.yaml | 4 +- .../driverconfig/badDriver/v2.10.0/bad.yaml | 4 +- .../badDriver/v2.10.0/controller.yaml | 4 +- .../badDriver/v2.10.0/csidriver.yaml | 4 +- .../v2.10.0/driver-config-params.yaml | 5 +- .../badDriver/v2.10.0/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.10.1/bad.yaml | 4 +- .../badDriver/v2.10.1/controller.yaml | 4 +- .../badDriver/v2.10.1/csidriver.yaml | 4 +- .../v2.10.1/driver-config-params.yaml | 5 +- .../badDriver/v2.10.1/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.11.0/bad.yaml | 4 +- .../badDriver/v2.11.0/controller.yaml | 4 +- .../badDriver/v2.11.0/csidriver.yaml | 4 +- .../v2.11.0/driver-config-params.yaml | 5 +- .../badDriver/v2.11.0/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.11.1/bad.yaml | 4 +- .../badDriver/v2.11.1/controller.yaml | 4 +- .../badDriver/v2.11.1/csidriver.yaml | 4 +- .../v2.11.1/driver-config-params.yaml | 5 +- .../badDriver/v2.11.1/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.9.0/bad.yaml | 4 +- .../badDriver/v2.9.0/controller.yaml | 4 +- .../badDriver/v2.9.0/csidriver.yaml | 4 +- .../v2.9.0/driver-config-params.yaml | 5 +- .../badDriver/v2.9.0/upgrade-path.yaml | 4 +- .../driverconfig/badDriver/v2.9.1/bad.yaml | 4 +- .../badDriver/v2.9.1/controller.yaml | 4 +- .../badDriver/v2.9.1/csidriver.yaml | 4 +- .../v2.9.1/driver-config-params.yaml | 5 +- .../badDriver/v2.9.1/upgrade-path.yaml | 4 +- .../driverconfig/powerflex/v2.10.0/bad.yaml | 4 +- .../powerflex/v2.10.0/controller.yaml | 24 +- .../powerflex/v2.10.0/csidriver.yaml | 14 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.0/node.yaml | 8 +- .../driverconfig/powerflex/v2.10.1/bad.yaml | 4 +- .../powerflex/v2.10.1/controller.yaml | 24 +- .../powerflex/v2.10.1/csidriver.yaml | 14 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.10.1/node.yaml | 8 +- .../driverconfig/powerflex/v2.11.0/bad.yaml | 4 +- .../powerflex/v2.11.0/controller.yaml | 24 +- .../powerflex/v2.11.0/csidriver.yaml | 14 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.11.0/node.yaml | 8 +- .../driverconfig/powerflex/v2.9.1/bad.yaml | 4 +- .../powerflex/v2.9.1/controller.yaml | 24 +- .../powerflex/v2.9.1/csidriver.yaml | 14 +- .../v2.9.1/driver-config-params.yaml | 2 +- .../driverconfig/powerflex/v2.9.1/node.yaml | 8 +- .../driverconfig/powermax/v2.10.0/bad.yaml | 4 +- .../powermax/v2.10.0/controller.yaml | 26 +- .../powermax/v2.10.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.0/node.yaml | 8 +- .../driverconfig/powermax/v2.10.1/bad.yaml | 4 +- .../powermax/v2.10.1/controller.yaml | 26 +- .../powermax/v2.10.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.10.1/node.yaml | 8 +- .../driverconfig/powermax/v2.11.0/bad.yaml | 4 +- .../powermax/v2.11.0/controller.yaml | 26 +- .../powermax/v2.11.0/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.11.0/node.yaml | 8 +- .../driverconfig/powermax/v2.9.1/bad.yaml | 4 +- .../powermax/v2.9.1/controller.yaml | 26 +- .../powermax/v2.9.1/csidriver.yaml | 14 +- .../driverconfig/powermax/v2.9.1/node.yaml | 8 +- .../driverconfig/powerscale/v2.10.0/bad.yaml | 4 +- .../powerscale/v2.10.0/controller.yaml | 22 +- .../powerscale/v2.10.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.10.0/node.yaml | 10 +- .../driverconfig/powerscale/v2.10.1/bad.yaml | 4 +- .../powerscale/v2.10.1/controller.yaml | 22 +- .../powerscale/v2.10.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.10.1/node.yaml | 10 +- .../driverconfig/powerscale/v2.11.0/bad.yaml | 4 +- .../powerscale/v2.11.0/controller.yaml | 22 +- .../powerscale/v2.11.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.11.0/node.yaml | 10 +- .../driverconfig/powerscale/v2.9.0/bad.yaml | 4 +- .../powerscale/v2.9.0/controller.yaml | 22 +- .../powerscale/v2.9.0/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.0/node.yaml | 10 +- .../driverconfig/powerscale/v2.9.1/bad.yaml | 4 +- .../powerscale/v2.9.1/controller.yaml | 22 +- .../powerscale/v2.9.1/csidriver.yaml | 12 +- .../driverconfig/powerscale/v2.9.1/node.yaml | 10 +- .../driverconfig/powerstore/v2.10.0/bad.yaml | 4 +- .../powerstore/v2.10.0/controller.yaml | 21 +- .../powerstore/v2.10.0/csidriver.yaml | 2 +- .../v2.10.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.0/node.yaml | 6 +- .../driverconfig/powerstore/v2.10.1/bad.yaml | 4 +- .../powerstore/v2.10.1/controller.yaml | 21 +- .../powerstore/v2.10.1/csidriver.yaml | 2 +- .../v2.10.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.10.1/node.yaml | 6 +- .../driverconfig/powerstore/v2.11.0/bad.yaml | 4 +- .../powerstore/v2.11.0/controller.yaml | 21 +- .../powerstore/v2.11.0/csidriver.yaml | 2 +- .../v2.11.0/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.11.0/node.yaml | 6 +- .../driverconfig/powerstore/v2.11.1/bad.yaml | 4 +- .../powerstore/v2.11.1/controller.yaml | 21 +- .../powerstore/v2.11.1/csidriver.yaml | 2 +- .../v2.11.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.11.1/node.yaml | 6 +- .../driverconfig/powerstore/v2.9.1/bad.yaml | 4 +- .../powerstore/v2.9.1/controller.yaml | 21 +- .../powerstore/v2.9.1/csidriver.yaml | 2 +- .../v2.9.1/driver-config-params.yaml | 2 +- .../driverconfig/powerstore/v2.9.1/node.yaml | 6 +- .../driverconfig/unity/v2.10.0/bad.yaml | 4 +- .../unity/v2.10.0/controller.yaml | 26 +- .../driverconfig/unity/v2.10.0/csidriver.yaml | 16 +- .../driverconfig/unity/v2.10.0/node.yaml | 6 +- .../driverconfig/unity/v2.10.1/bad.yaml | 4 +- .../unity/v2.10.1/controller.yaml | 26 +- .../driverconfig/unity/v2.10.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.10.1/node.yaml | 6 +- .../driverconfig/unity/v2.11.0/bad.yaml | 4 +- .../unity/v2.11.0/controller.yaml | 26 +- .../driverconfig/unity/v2.11.0/csidriver.yaml | 16 +- .../driverconfig/unity/v2.11.0/node.yaml | 6 +- .../driverconfig/unity/v2.11.1/bad.yaml | 4 +- .../unity/v2.11.1/controller.yaml | 26 +- .../driverconfig/unity/v2.11.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.11.1/node.yaml | 6 +- .../config/driverconfig/unity/v2.9.1/bad.yaml | 4 +- .../driverconfig/unity/v2.9.1/controller.yaml | 26 +- .../driverconfig/unity/v2.9.1/csidriver.yaml | 16 +- .../driverconfig/unity/v2.9.1/node.yaml | 6 +- .../csm_application_mobility_n_minus_1.yaml | 164 +- .../csm_application_mobility_no_velero.yaml | 150 +- .../csm_application_mobility_vanilla.yaml | 149 +- .../csm_application_mobility_with_pflex.yaml | 150 +- ...m_application_mobility_with_pflex_alt.yaml | 150 +- .../powerflex_noAM.yaml | 167 +- .../velero-values.yaml | 20 +- tests/e2e/testfiles/appmob-values.yaml | 1 + .../csm-authorization-template.yaml | 2 + .../csm_authorization_crds.yaml | 738 +- .../csm_authorization_local_storage.yaml | 2 +- tests/e2e/testfiles/cert-manager-crds.yaml | 413 +- tests/e2e/testfiles/connectivity-values.yaml | 38 +- tests/e2e/testfiles/pflex-pscale-values.yaml | 10 +- .../powerflex-secret-template.yaml | 3 +- .../powerflex-storageclass-template.yaml | 10 +- .../powermax-secret-template.yaml | 2 +- .../powermax-storageclass-template.yaml | 1 + .../powermax_reverse_proxy_config.yaml | 2 +- .../testfiles/powerscale-cert-secret-0.yaml | 6 +- .../testfiles/powerscale-cert-secret-1.yaml | 6 +- .../testfiles/powerscale-cert-secret-2.yaml | 6 +- .../e2e/testfiles/powerscale-sc-alt-ifs.yaml | 1 + tests/e2e/testfiles/powerscale-sc.yaml | 1 + .../powerstore-secret-template.yaml | 4 +- .../sample-application/kustomization.yaml | 6 +- .../sample-application/mysql-deployment.yaml | 32 +- .../wordpress-deployment.yaml | 42 +- tests/e2e/testfiles/scenarios.yaml | 11 +- ...observability_upgrade_with_powerscale.yaml | 4 +- ...sm_powerflex_auth_driver_only_upgrade.yaml | 35 +- .../storage_csm_powerflex_auth_n_minus_1.yaml | 35 +- .../storage_csm_powerflex_downgrade.yaml | 125 +- .../storage_csm_powerflex_resiliency.yaml | 2 +- tests/e2e/testfiles/storage_csm_powermax.yaml | 46 +- .../storage_csm_powermax_authorization.yaml | 46 +- .../storage_csm_powermax_observability.yaml | 46 +- .../storage_csm_powermax_resiliency.yaml | 44 +- ...m_powermax_reverseproxy_authorization.yaml | 4 +- .../storage_csm_powermax_sidecar.yaml | 44 +- .../storage_csm_powerscale_observability.yaml | 976 +-- ...erscale_observability_top_custom_cert.yaml | 976 +-- ...age_csm_powerscale_observability_val1.yaml | 280 +- ...age_csm_powerscale_observability_val2.yaml | 280 +- .../storage_csm_powerscale_resiliency.yaml | 2 +- .../e2e/testfiles/storage_csm_powerstore.yaml | 2 +- .../storage_csm_powerstore_resiliency.yaml | 2 +- 507 files changed, 44264 insertions(+), 47010 deletions(-) diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index 62bff70d9..202965ba1 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -115,12 +115,12 @@ jobs: uses: actions/checkout@v4 - name: Build Docker Images run: | - chmod +x ./scripts/build-ubi-micro.sh - make build-base-image - make -o gen-semver - podman build -t docker.io/csm-operator -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/csm-operator-ubimicro" - podman save docker.io/library/csm-operator -o /tmp/csm-operator.tar - docker load -i /tmp/csm-operator.tar + chmod +x ./scripts/build-ubi-micro.sh + make build-base-image + make -o gen-semver + podman build -t docker.io/csm-operator -f ./Dockerfile --build-arg GOIMAGE=golang:latest --build-arg BASEIMAGE="localhost/csm-operator-ubimicro" + podman save docker.io/library/csm-operator -o /tmp/csm-operator.tar + docker load -i /tmp/csm-operator.tar - name: Scan controller Image uses: Azure/container-scan@v0 env: diff --git a/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml b/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml index ce8731775..d74ee1d5d 100644 --- a/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml +++ b/bundle/manifests/dell-csm-operator-controller-manager-metrics-service_v1_service.yaml @@ -7,10 +7,10 @@ metadata: name: dell-csm-operator-controller-manager-metrics-service spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager status: diff --git a/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml b/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml index 735b5c2b8..6b238f1da 100644 --- a/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml +++ b/bundle/manifests/dell-csm-operator-leader-election-role_rbac.authorization.k8s.io_v1_role.yaml @@ -4,34 +4,34 @@ metadata: creationTimestamp: null name: dell-csm-operator-leader-election-role rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml b/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml index 41033e2a0..c9bde6514 100644 --- a/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml +++ b/bundle/manifests/dell-csm-operator-leader-election-rolebinding_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -8,6 +8,6 @@ roleRef: kind: Role name: dell-csm-operator-leader-election-role subjects: - - kind: ServiceAccount - name: default - namespace: default +- kind: ServiceAccount + name: default + namespace: default diff --git a/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml index 03f1dd647..f9745ba6b 100644 --- a/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/bundle/manifests/dell-csm-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -4,7 +4,7 @@ metadata: creationTimestamp: null name: dell-csm-operator-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml index 6b03235b4..4eaa31e97 100644 --- a/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/bundle/manifests/dell-csm-operator-proxy-role_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -4,15 +4,15 @@ metadata: creationTimestamp: null name: dell-csm-operator-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml index 14b911166..f0d87323e 100644 --- a/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml +++ b/bundle/manifests/dell-csm-operator-proxy-rolebinding_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -8,6 +8,6 @@ roleRef: kind: ClusterRole name: dell-csm-operator-proxy-role subjects: - - kind: ServiceAccount - name: default - namespace: default +- kind: ServiceAccount + name: default + namespace: default diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 0e0cb522a..1dc250392 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -1466,2108 +1466,1936 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: - ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - displayName: Apex Connectivity Client - kind: ApexConnectivityClient - name: apexconnectivityclients.storage.dell.com - specDescriptors: - - description: - Common is the common specification for both controller and node - plugins - displayName: Common specification - path: client.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.common.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.common.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.common.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.common.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.common.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.common.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.common.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.common.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.common.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.common.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.common.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.common.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.common.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.common.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.common.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.common.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.common.veleroNamespace - - description: ConfigVersion is the configuration version of the client - displayName: Config Version - path: client.configVersion - - description: - ConnectionTarget is the target that the client connects to in - the Dell datacenter - displayName: Connection Target - path: client.connectionTarget - - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient - displayName: Client Type - path: client.csmClientType - - description: - ForceRemoveClient is the boolean flag used to remove client deployment - when CR is deleted - displayName: Force Remove Client - path: client.forceRemoveClient - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.initContainers[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.initContainers[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.initContainers[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.initContainers[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.initContainers[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.initContainers[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.initContainers[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.initContainers[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.initContainers[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.initContainers[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.initContainers[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.initContainers[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.initContainers[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.initContainers[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.initContainers[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.initContainers[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.initContainers[0].veleroNamespace - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: client.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.sideCars[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.sideCars[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.sideCars[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.sideCars[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.sideCars[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.sideCars[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.sideCars[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.sideCars[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.sideCars[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.sideCars[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.sideCars[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.sideCars[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.sideCars[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.sideCars[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.sideCars[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.sideCars[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.sideCars[0].veleroNamespace - - description: UsePrivateCaCerts is used to specify private CA signed certs - displayName: Use Private CA Certs - path: client.usePrivateCaCerts - statusDescriptors: - - description: State is the state of the client installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - - description: - ContainerStorageModule is the Schema for the containerstoragemodules - API - displayName: Container Storage Module - kind: ContainerStorageModule - name: containerstoragemodules.storage.dell.com - specDescriptors: - - description: AuthSecret is the name of the credentials secret for the driver - displayName: Auth Secret - path: driver.authSecret - - description: - Common is the common specification for both controller and node - plugins - displayName: Common specification - path: driver.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.common.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.common.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.common.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.common.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.common.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.common.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.common.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.common.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.common.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.common.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.common.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.common.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.common.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.common.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.common.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.common.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.common.veleroNamespace - - description: ConfigVersion is the configuration version of the driver - displayName: Config Version - path: driver.configVersion - - description: Controller is the specification for Controller plugin only - displayName: Controller Specification - path: driver.controller - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.controller.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.controller.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.controller.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.controller.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.controller.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.controller.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.controller.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.controller.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.controller.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.controller.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.controller.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.controller.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.controller.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.controller.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.controller.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.controller.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.controller.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.controller.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.controller.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.controller.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.controller.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.controller.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.controller.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.controller.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.controller.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.controller.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.controller.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.controller.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.controller.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.controller.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.controller.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.controller.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.controller.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.controller.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.controller.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.controller.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.controller.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.controller.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.controller.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.controller.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.controller.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.controller.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.controller.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.controller.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.controller.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.controller.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.controller.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.controller.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.controller.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.controller.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.controller.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.controller.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.controller.veleroNamespace - - description: CSIDriverSpec is the specification for CSIDriver - displayName: CSI Driver Spec - path: driver.csiDriverSpec - - description: - CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - displayName: CSI Driver Type - path: driver.csiDriverType - - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin - displayName: DNSPolicy - path: driver.dnsPolicy - - description: - ForceRemoveDriver is the boolean flag used to remove driver deployment - when CR is deleted - displayName: Force Remove Driver - path: driver.forceRemoveDriver - - description: - ForceUpdate is the boolean flag used to force an update of the - driver instance - displayName: Force update - path: driver.forceUpdate - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.initContainers[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.initContainers[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.initContainers[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.initContainers[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.initContainers[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.initContainers[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.initContainers[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.initContainers[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.initContainers[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.initContainers[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.initContainers[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.initContainers[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.initContainers[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.initContainers[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.initContainers[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.initContainers[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.initContainers[0].veleroNamespace - - description: Node is the specification for Node plugin only - displayName: Node specification - path: driver.node - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.node.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.node.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.node.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.node.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.node.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.node.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.node.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.node.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.node.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.node.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.node.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.node.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.node.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.node.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.node.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.node.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.node.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.node.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.node.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.node.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.node.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.node.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.node.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.node.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.node.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.node.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.node.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.node.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.node.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.node.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.node.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.node.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.node.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.node.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.node.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.node.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.node.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.node.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.node.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.node.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.node.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.node.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.node.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.node.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.node.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.node.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.node.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.node.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.node.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.node.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.node.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.node.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.node.veleroNamespace - - description: Replicas is the count of controllers for Controller plugin - displayName: Controller count - path: driver.replicas - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: driver.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.sideCars[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.sideCars[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.sideCars[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.sideCars[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.sideCars[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.sideCars[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.sideCars[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.sideCars[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.sideCars[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.sideCars[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.sideCars[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.sideCars[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.sideCars[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.sideCars[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.sideCars[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.sideCars[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.sideCars[0].veleroNamespace - - description: SnapshotClass is the specification for Snapshot Classes - displayName: Snapshot Classes - path: driver.snapshotClass - - description: Name is the name of the Snapshot Class - displayName: Snapshot Class Name - path: driver.snapshotClass[0].name - - description: - Parameters is a map of driver specific parameters for snapshot - class - displayName: Snapshot Class Parameters - path: driver.snapshotClass[0].parameters - - description: TLSCertSecret is the name of the TLS Cert secret - displayName: TLSCert Secret - path: driver.tlsCertSecret - - description: Components is the specification for CSM components containers - displayName: ContainerStorageModule components specification - path: modules[0].components - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].components[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].components[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].components[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].components[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].components[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].components[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].components[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].components[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].components[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].components[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].components[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].components[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].components[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].components[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].components[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].components[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].components[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].components[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].components[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].components[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].components[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].components[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].components[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].components[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].components[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].components[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].components[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].components[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].components[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].components[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].components[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].components[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].components[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].components[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].components[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].components[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].components[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].components[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].components[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].components[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].components[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].components[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].components[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].components[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].components[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].components[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].components[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].components[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].components[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].components[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].components[0].veleroNamespace - - description: ConfigVersion is the configuration version of the module - displayName: Config Version - path: modules[0].configVersion - - description: Enabled is used to indicate whether or not to deploy a module - displayName: Enabled - path: modules[0].enabled - - description: - ForceRemoveModule is the boolean flag used to remove authorization - proxy server deployment when CR is deleted - displayName: Force Remove Module - path: modules[0].forceRemoveModule - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].initContainer[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].initContainer[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].initContainer[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].initContainer[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].initContainer[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].initContainer[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].initContainer[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].initContainer[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].initContainer[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].initContainer[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].initContainer[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].initContainer[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].initContainer[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].initContainer[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].initContainer[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].initContainer[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].initContainer[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].initContainer[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].initContainer[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].initContainer[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].initContainer[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].initContainer[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].initContainer[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].initContainer[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].initContainer[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].initContainer[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].initContainer[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].initContainer[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].initContainer[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].initContainer[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].initContainer[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].initContainer[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].initContainer[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].initContainer[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].initContainer[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].initContainer[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].initContainer[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].initContainer[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].initContainer[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].initContainer[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].initContainer[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].initContainer[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].initContainer[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].initContainer[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].initContainer[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].initContainer[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].initContainer[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].initContainer[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].initContainer[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].initContainer[0].veleroNamespace - - description: Name is name of ContainerStorageModule modules - displayName: Name - path: modules[0].name - statusDescriptors: - - description: Number of Available Controller pods - displayName: Available - path: controllerStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Controller pods - displayName: Desired - path: controllerStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Controller pods - displayName: Failed - path: controllerStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Available Node pods - displayName: Available - path: nodeStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Node pods - displayName: Desired - path: nodeStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Node pods - displayName: Failed - path: nodeStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: State is the state of the driver installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - description: - "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator + - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + displayName: Apex Connectivity Client + kind: ApexConnectivityClient + name: apexconnectivityclients.storage.dell.com + specDescriptors: + - description: Common is the common specification for both controller and node + plugins + displayName: Common specification + path: client.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.common.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.common.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.common.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.common.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.common.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.common.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.common.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.common.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.common.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.common.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.common.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.common.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.common.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.common.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.common.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.common.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.common.veleroNamespace + - description: ConfigVersion is the configuration version of the client + displayName: Config Version + path: client.configVersion + - description: ConnectionTarget is the target that the client connects to in + the Dell datacenter + displayName: Connection Target + path: client.connectionTarget + - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient + displayName: Client Type + path: client.csmClientType + - description: ForceRemoveClient is the boolean flag used to remove client deployment + when CR is deleted + displayName: Force Remove Client + path: client.forceRemoveClient + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.initContainers[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.initContainers[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.initContainers[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.initContainers[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.initContainers[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.initContainers[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.initContainers[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.initContainers[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.initContainers[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.initContainers[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.initContainers[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.initContainers[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.initContainers[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.initContainers[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.initContainers[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.initContainers[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.initContainers[0].veleroNamespace + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: client.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.sideCars[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.sideCars[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.sideCars[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.sideCars[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.sideCars[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.sideCars[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.sideCars[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.sideCars[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.sideCars[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.sideCars[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.sideCars[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.sideCars[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.sideCars[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.sideCars[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.sideCars[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.sideCars[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.sideCars[0].veleroNamespace + - description: UsePrivateCaCerts is used to specify private CA signed certs + displayName: Use Private CA Certs + path: client.usePrivateCaCerts + statusDescriptors: + - description: State is the state of the client installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + - description: ContainerStorageModule is the Schema for the containerstoragemodules + API + displayName: Container Storage Module + kind: ContainerStorageModule + name: containerstoragemodules.storage.dell.com + specDescriptors: + - description: AuthSecret is the name of the credentials secret for the driver + displayName: Auth Secret + path: driver.authSecret + - description: Common is the common specification for both controller and node + plugins + displayName: Common specification + path: driver.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.common.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.common.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.common.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.common.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.common.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.common.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.common.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.common.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.common.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.common.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.common.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.common.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.common.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.common.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.common.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.common.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.common.veleroNamespace + - description: ConfigVersion is the configuration version of the driver + displayName: Config Version + path: driver.configVersion + - description: Controller is the specification for Controller plugin only + displayName: Controller Specification + path: driver.controller + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.controller.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.controller.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.controller.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.controller.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.controller.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.controller.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.controller.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.controller.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.controller.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.controller.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.controller.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.controller.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.controller.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.controller.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.controller.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.controller.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.controller.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.controller.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.controller.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.controller.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.controller.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.controller.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.controller.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.controller.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.controller.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.controller.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.controller.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.controller.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.controller.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.controller.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.controller.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.controller.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.controller.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.controller.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.controller.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.controller.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.controller.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.controller.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.controller.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.controller.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.controller.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.controller.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.controller.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.controller.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.controller.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.controller.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.controller.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.controller.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.controller.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.controller.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.controller.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.controller.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.controller.veleroNamespace + - description: CSIDriverSpec is the specification for CSIDriver + displayName: CSI Driver Spec + path: driver.csiDriverSpec + - description: CSIDriverType is the CSI Driver type for Dell Technologies - + e.g, powermax, powerflex,... + displayName: CSI Driver Type + path: driver.csiDriverType + - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin + displayName: DNSPolicy + path: driver.dnsPolicy + - description: ForceRemoveDriver is the boolean flag used to remove driver deployment + when CR is deleted + displayName: Force Remove Driver + path: driver.forceRemoveDriver + - description: ForceUpdate is the boolean flag used to force an update of the + driver instance + displayName: Force update + path: driver.forceUpdate + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.initContainers[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.initContainers[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.initContainers[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.initContainers[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.initContainers[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.initContainers[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.initContainers[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.initContainers[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.initContainers[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.initContainers[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.initContainers[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.initContainers[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.initContainers[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.initContainers[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.initContainers[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.initContainers[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.initContainers[0].veleroNamespace + - description: Node is the specification for Node plugin only + displayName: Node specification + path: driver.node + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.node.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.node.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.node.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.node.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.node.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.node.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.node.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.node.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.node.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.node.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.node.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.node.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.node.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.node.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.node.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.node.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.node.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.node.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.node.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.node.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.node.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.node.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.node.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.node.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.node.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.node.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.node.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.node.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.node.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.node.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.node.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.node.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.node.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.node.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.node.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.node.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.node.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.node.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.node.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.node.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.node.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.node.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.node.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.node.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.node.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.node.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.node.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.node.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.node.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.node.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.node.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.node.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.node.veleroNamespace + - description: Replicas is the count of controllers for Controller plugin + displayName: Controller count + path: driver.replicas + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: driver.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.sideCars[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.sideCars[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.sideCars[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.sideCars[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.sideCars[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.sideCars[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.sideCars[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.sideCars[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.sideCars[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.sideCars[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.sideCars[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.sideCars[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.sideCars[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.sideCars[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.sideCars[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.sideCars[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.sideCars[0].veleroNamespace + - description: SnapshotClass is the specification for Snapshot Classes + displayName: Snapshot Classes + path: driver.snapshotClass + - description: Name is the name of the Snapshot Class + displayName: Snapshot Class Name + path: driver.snapshotClass[0].name + - description: Parameters is a map of driver specific parameters for snapshot + class + displayName: Snapshot Class Parameters + path: driver.snapshotClass[0].parameters + - description: TLSCertSecret is the name of the TLS Cert secret + displayName: TLSCert Secret + path: driver.tlsCertSecret + - description: Components is the specification for CSM components containers + displayName: ContainerStorageModule components specification + path: modules[0].components + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].components[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].components[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].components[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].components[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].components[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].components[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].components[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].components[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].components[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].components[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].components[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].components[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].components[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].components[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].components[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].components[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].components[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].components[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].components[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].components[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].components[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].components[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].components[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].components[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].components[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].components[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].components[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].components[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].components[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].components[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].components[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].components[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].components[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].components[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].components[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].components[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].components[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].components[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].components[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].components[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].components[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].components[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].components[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].components[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].components[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].components[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].components[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].components[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].components[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].components[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].components[0].veleroNamespace + - description: ConfigVersion is the configuration version of the module + displayName: Config Version + path: modules[0].configVersion + - description: Enabled is used to indicate whether or not to deploy a module + displayName: Enabled + path: modules[0].enabled + - description: ForceRemoveModule is the boolean flag used to remove authorization + proxy server deployment when CR is deleted + displayName: Force Remove Module + path: modules[0].forceRemoveModule + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].initContainer[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].initContainer[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].initContainer[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].initContainer[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].initContainer[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].initContainer[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].initContainer[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].initContainer[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].initContainer[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].initContainer[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].initContainer[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].initContainer[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].initContainer[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].initContainer[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].initContainer[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].initContainer[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].initContainer[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].initContainer[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].initContainer[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].initContainer[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].initContainer[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].initContainer[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].initContainer[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].initContainer[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].initContainer[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].initContainer[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].initContainer[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].initContainer[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].initContainer[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].initContainer[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].initContainer[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].initContainer[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].initContainer[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].initContainer[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].initContainer[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].initContainer[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].initContainer[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].initContainer[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].initContainer[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].initContainer[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].initContainer[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].initContainer[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].initContainer[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].initContainer[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].initContainer[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].initContainer[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].initContainer[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].initContainer[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].initContainer[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].initContainer[0].veleroNamespace + - description: Name is name of ContainerStorageModule modules + displayName: Name + path: modules[0].name + statusDescriptors: + - description: Number of Available Controller pods + displayName: Available + path: controllerStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Controller pods + displayName: Desired + path: controllerStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Controller pods + displayName: Failed + path: controllerStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Available Node pods + displayName: Available + path: nodeStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Node pods + displayName: Desired + path: nodeStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Node pods + displayName: Failed + path: nodeStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: State is the state of the driver installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + description: "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator which can be \nused to install and manage Dell’s CSI drivers and CSM modules. \nBy using Dell CSM Operator, enterprises can quickly and easily deploy the \nCSM modules for CSI drivers making it easy for DevOps \nteams to build and optimize @@ -3598,1354 +3426,1354 @@ spec: Solution Brief](https://www.delltechnologies.com/asset/en-us/products/storage/briefs-summaries/h17893-dellemc-storage-for-containers-kubernetes-csi-so.pdf)\n" displayName: Dell Container Storage Modules icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC - mediatype: image/png + - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC + mediatype: image/png install: spec: clusterPermissions: - - rules: - - nonResourceURLs: - - /metrics - verbs: - - get - - apiGroups: - - "" - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - ingresses - - persistentvolumeclaims - - pods - - roles - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - "*" - - apiGroups: - - "" - resourceNames: - - dell-csm-operator-controller-manager - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - update - - watch - - apiGroups: - - "*" - resourceNames: - - application-mobility-velero-server - resources: - - "*" - verbs: - - "*" - - apiGroups: - - acme.cert-manager.io - resources: - - "*/*" - verbs: - - "*" - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update - - apiGroups: - - acme.cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - patch - - update - - apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - patch - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - update - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - update - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - auditregistration.k8s.io - resources: - - auditsinks - verbs: - - get - - list - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - list - - update - - watch - - apiGroups: - - cert-manager.io - resources: - - "*/*" - verbs: - - "*" - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - clusterissuers - - issuers - verbs: - - "*" - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/finalizers - - certificates/finalizers - verbs: - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/status - - certificates/status - verbs: - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - update - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - patch - - update - - apiGroups: - - certificates.k8s.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - sign - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - - csmtenants - - storages - verbs: - - get - - list - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update - - apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - "*" - - apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - replicasets - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - - volumesnapshotcontents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - - dellcsivolumegroupsnapshots/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - serviceAccountName: dell-csm-operator-manager-service-account + - rules: + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - "" + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - ingresses + - persistentvolumeclaims + - pods + - roles + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - '*' + - apiGroups: + - "" + resourceNames: + - dell-csm-operator-controller-manager + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - update + - watch + - apiGroups: + - '*' + resourceNames: + - application-mobility-velero-server + resources: + - '*' + verbs: + - '*' + - apiGroups: + - acme.cert-manager.io + resources: + - '*/*' + verbs: + - '*' + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update + - apiGroups: + - acme.cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - patch + - update + - apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - patch + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - update + - watch + - apiGroups: + - apiregistration.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - update + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - auditregistration.k8s.io + resources: + - auditsinks + verbs: + - get + - list + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - list + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - '*/*' + verbs: + - '*' + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - clusterissuers + - issuers + verbs: + - '*' + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/finalizers + - certificates/finalizers + verbs: + - update + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + - certificates/status + verbs: + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - configmaps + verbs: + - get + - patch + - update + - apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - cert-manager.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - approve + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - update + - watch + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - patch + - update + - apiGroups: + - certificates.k8s.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - sign + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-controller + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + - csmtenants + - storages + verbs: + - get + - list + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/status + verbs: + - get + - patch + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages + verbs: + - create + - delete + - patch + - update + - watch + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/finalizers + verbs: + - update + - apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - get + - list + - watch + - apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + - httproutes/finalizers + verbs: + - update + - apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - ingresses/finalizers + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - replicasets + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + - volumesnapshotcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/finalizers + verbs: + - update + - apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get + - patch + - update + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - create + - delete + - get + - list + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update + - apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update + - apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + - dellcsivolumegroupsnapshots/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + serviceAccountName: dell-csm-operator-manager-service-account deployments: - - label: - control-plane: controller-manager - name: dell-csm-operator-controller-manager - spec: - replicas: 1 - selector: - matchLabels: + - label: + control-plane: controller-manager + name: dell-csm-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + storage.dell.com/CSMVersion: v1.11.0 + labels: control-plane: controller-manager - strategy: {} - template: - metadata: - annotations: - storage.dell.com/CSMVersion: v1.11.0 - labels: - control-plane: controller-manager - spec: - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: {} - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - command: - - /manager - env: - - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.6.0 - - name: RELATED_IMAGE_csi-isilon - value: docker.io/dellemc/csi-isilon:v2.11.0 - - name: RELATED_IMAGE_csi-powermax - value: docker.io/dellemc/csi-powermax:v2.11.0 - - name: RELATED_IMAGE_csipowermax-reverseproxy - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.11.1 - - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.11.1 - - name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/csi-vxflexos:v2.11.0 - - name: RELATED_IMAGE_sdc - value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_karavi-authorization-proxy - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - - name: RELATED_IMAGE_dell-csi-replicator - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 - - name: RELATED_IMAGE_dell-replication-controller-manager - value: docker.io/dellemc/dell-replication-controller:v1.9.0 - - name: RELATED_IMAGE_topology - value: docker.io/dellemc/csm-topology:v1.9.0 - - name: RELATED_IMAGE_otel-collector - value: docker.io/otel/opentelemetry-collector:0.42.0 - - name: RELATED_IMAGE_metrics-powerscale - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - - name: RELATED_IMAGE_metrics-powermax - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - - name: RELATED_IMAGE_metrics-powerflex - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - - name: RELATED_IMAGE_podmon-node - value: docker.io/dellemc/podmon:v1.10.0 - - name: RELATED_IMAGE_kube-rbac-proxy - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - - name: RELATED_IMAGE_attacher - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - - name: RELATED_IMAGE_provisioner - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - - name: RELATED_IMAGE_snapshotter - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - - name: RELATED_IMAGE_registrar - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - - name: RELATED_IMAGE_resizer - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - - name: RELATED_IMAGE_externalhealthmonitorcontroller - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - - name: RELATED_IMAGE_metadataretriever - value: dellemc/csi-metadata-retriever:v1.8.0 - - name: RELATED_IMAGE_dell-connectivity-client - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - - name: RELATED_IMAGE_cert-persister - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.6.0 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 192Mi - securityContext: - allowPrivilegeEscalation: false + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: {} + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + env: + - name: RELATED_IMAGE_dell-csm-operator + value: docker.io/dellemc/dell-csm-operator:v1.6.0 + - name: RELATED_IMAGE_csi-isilon + value: docker.io/dellemc/csi-isilon:v2.11.0 + - name: RELATED_IMAGE_csi-powermax + value: docker.io/dellemc/csi-powermax:v2.11.0 + - name: RELATED_IMAGE_csipowermax-reverseproxy + value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + - name: RELATED_IMAGE_csi-powerstore + value: docker.io/dellemc/csi-powerstore:v2.11.1 + - name: RELATED_IMAGE_csi-unity + value: docker.io/dellemc/csi-unity:v2.11.1 + - name: RELATED_IMAGE_csi-vxflexos + value: docker.io/dellemc/csi-vxflexos:v2.11.0 + - name: RELATED_IMAGE_sdc + value: docker.io/dellemc/sdc:4.5.2.1 + - name: RELATED_IMAGE_karavi-authorization-proxy + value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + - name: RELATED_IMAGE_dell-csi-replicator + value: docker.io/dellemc/dell-csi-replicator:v1.9.0 + - name: RELATED_IMAGE_dell-replication-controller-manager + value: docker.io/dellemc/dell-replication-controller:v1.9.0 + - name: RELATED_IMAGE_topology + value: docker.io/dellemc/csm-topology:v1.9.0 + - name: RELATED_IMAGE_otel-collector + value: docker.io/otel/opentelemetry-collector:0.42.0 + - name: RELATED_IMAGE_metrics-powerscale + value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + - name: RELATED_IMAGE_metrics-powermax + value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + - name: RELATED_IMAGE_metrics-powerflex + value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + - name: RELATED_IMAGE_podmon-node + value: docker.io/dellemc/podmon:v1.10.0 + - name: RELATED_IMAGE_kube-rbac-proxy + value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + - name: RELATED_IMAGE_attacher + value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + - name: RELATED_IMAGE_provisioner + value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + - name: RELATED_IMAGE_snapshotter + value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + - name: RELATED_IMAGE_registrar + value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + - name: RELATED_IMAGE_resizer + value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + - name: RELATED_IMAGE_externalhealthmonitorcontroller + value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + - name: RELATED_IMAGE_metadataretriever + value: dellemc/csi-metadata-retriever:v1.8.0 + - name: RELATED_IMAGE_dell-connectivity-client + value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + - name: RELATED_IMAGE_cert-persister + value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + image: docker.io/dellemc/dell-csm-operator:v1.6.0 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 192Mi securityContext: - runAsNonRoot: true - serviceAccountName: dell-csm-operator-manager-service-account - terminationGracePeriodSeconds: 10 + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: dell-csm-operator-manager-service-account + terminationGracePeriodSeconds: 10 strategy: deployment installModes: - - supported: true - type: OwnNamespace - - supported: true - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces keywords: - - Dell Container Storage Modules - - Dell CSI Driver - - Dell CSM Modules - - Powerflex - - Powerscale - - Powerstore - - Unity - - Authorization - - Observability - - Replication + - Dell Container Storage Modules + - Dell CSI Driver + - Dell CSM Modules + - Powerflex + - Powerscale + - Powerstore + - Unity + - Authorization + - Observability + - Replication links: - - name: Documentation - url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ + - name: Documentation + url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ maintainers: - - email: container.storage.modules@dell.com - name: Dell Container Storage Modules + - email: container.storage.modules@dell.com + name: Dell Container Storage Modules maturity: stable minKubeVersion: 1.28.0 provider: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: docker.io/dellemc/dell-csm-operator:v1.6.0 - name: dell-csm-operator - - image: docker.io/dellemc/csi-isilon:v2.11.0 - name: csi-isilon - - image: docker.io/dellemc/csi-powermax:v2.11.0 - name: csi-powermax - - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.11.1 - name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.11.1 - name: csi-unity - - image: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: csi-vxflexos - - image: docker.io/dellemc/sdc:4.5.2.1 - name: sdc - - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - name: karavi-authorization-proxy - - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 - name: dell-csi-replicator - - image: docker.io/dellemc/dell-replication-controller:v1.9.0 - name: dell-replication-controller-manager - - image: docker.io/dellemc/csm-topology:v1.9.0 - name: topology - - image: docker.io/otel/opentelemetry-collector:0.42.0 - name: otel-collector - - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - name: metrics-powerscale - - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - name: metrics-powermax - - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - name: metrics-powerflex - - image: docker.io/dellemc/podmon:v1.10.0 - name: podmon-node - - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - name: attacher - - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - name: provisioner - - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - name: snapshotter - - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - name: registrar - - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - name: resizer - - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - name: externalhealthmonitorcontroller - - image: dellemc/csi-metadata-retriever:v1.8.0 - name: metadataretriever - - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: dell-connectivity-client - - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - name: cert-persister + - image: docker.io/dellemc/dell-csm-operator:v1.6.0 + name: dell-csm-operator + - image: docker.io/dellemc/csi-isilon:v2.11.0 + name: csi-isilon + - image: docker.io/dellemc/csi-powermax:v2.11.0 + name: csi-powermax + - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + name: csipowermax-reverseproxy + - image: docker.io/dellemc/csi-powerstore:v2.11.1 + name: csi-powerstore + - image: docker.io/dellemc/csi-unity:v2.11.1 + name: csi-unity + - image: docker.io/dellemc/csi-vxflexos:v2.11.0 + name: csi-vxflexos + - image: docker.io/dellemc/sdc:4.5.2.1 + name: sdc + - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + name: karavi-authorization-proxy + - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 + name: dell-csi-replicator + - image: docker.io/dellemc/dell-replication-controller:v1.9.0 + name: dell-replication-controller-manager + - image: docker.io/dellemc/csm-topology:v1.9.0 + name: topology + - image: docker.io/otel/opentelemetry-collector:0.42.0 + name: otel-collector + - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + name: metrics-powerscale + - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + name: metrics-powermax + - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + name: metrics-powerflex + - image: docker.io/dellemc/podmon:v1.10.0 + name: podmon-node + - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + name: attacher + - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + name: provisioner + - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + name: snapshotter + - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + name: registrar + - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + name: resizer + - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + name: externalhealthmonitorcontroller + - image: dellemc/csi-metadata-retriever:v1.8.0 + name: metadataretriever + - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + name: dell-connectivity-client + - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + name: cert-persister skips: - - dell-csm-operator.v1.5.1 + - dell-csm-operator.v1.5.1 version: 1.6.0 diff --git a/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml b/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml index 473a05770..4394b42d3 100644 --- a/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml +++ b/bundle/manifests/storage.dell.com_apexconnectivityclients.yaml @@ -12,60 +12,344 @@ spec: listKind: ApexConnectivityClientList plural: apexconnectivityclients shortNames: - - acc + - acc singular: apexconnectivityclient scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of Client - jsonPath: .spec.client.csmClientType - name: CSMClientType - type: string - - description: Version of Apex client - jsonPath: .spec.client.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: - ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient - properties: - client: - description: Client is a Apex Connectivity Client for Dell Technologies - properties: - common: - description: - Common is the common specification for both controller - and node plugins + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of Client + jsonPath: .spec.client.csmClientType + name: CSMClientType + type: string + - description: Version of Apex client + jsonPath: .spec.client.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient + properties: + client: + description: Client is a Apex Connectivity Client for Dell Technologies + properties: + common: + description: Common is the common specification for both controller + and node plugins + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + commander: + description: Commander is the image tag for the Container + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyService: + description: ProxyService is the image tag for the Container + type: string + redis: + description: Redis is the image tag for the Container + type: string + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + storageService: + description: StorageService is the image tag for the Container + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + configVersion: + description: ConfigVersion is the configuration version of the + client + type: string + connectionTarget: + description: ConnectionTarget is the target that the client connects + to in the Dell datacenter + type: string + csmClientType: + description: ClientType is the Client type for Dell Technologies + - e.g, ApexConnectivityClient + type: string + forceRemoveClient: + description: ForceRemoveClient is the boolean flag used to remove + client deployment when CR is deleted + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template properties: args: description: Args is the set of arguments for the container @@ -73,70 +357,58 @@ spec: type: string type: array certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string commander: description: Commander is the image tag for the Container type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to + description: SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to + description: AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to + description: Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for + description: Envs is the set of environment variables for the container items: - description: - EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -152,9 +424,8 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -169,12 +440,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -183,17 +453,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in + description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -202,34 +470,30 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for volumes, - optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the + pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -239,29 +503,28 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for + description: ImagePullPolicy is the image pull policy for the image type: string licenseName: - description: LicenseName is the name of the license for app-mobility + description: LicenseName is the name of the license for + app-mobility type: string name: description: Name is the name of Container @@ -274,8 +537,7 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -285,8 +547,7 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyService: @@ -308,9 +569,8 @@ spec: description: TenantService is the image tag for the Container type: string tolerations: - description: - Tolerations is the list of tolerations for the - driver pods + description: Tolerations is the list of tolerations for + the driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -349,667 +609,316 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - configVersion: - description: - ConfigVersion is the configuration version of the - client - type: string - connectionTarget: - description: - ConnectionTarget is the target that the client connects - to in the Dell datacenter - type: string - csmClientType: - description: - ClientType is the Client type for Dell Technologies - - e.g, ApexConnectivityClient - type: string - forceRemoveClient: - description: - ForceRemoveClient is the boolean flag used to remove - client deployment when CR is deleted - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - commander: - description: Commander is the image tag for the Container - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables for - the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image - type: string - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container + type: array + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. + type: array + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + commander: + description: Commander is the image tag for the Container + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyService: - description: ProxyService is the image tag for the Container - type: string - redis: - description: Redis is the image tag for the Container - type: string - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - storageService: - description: StorageService is the image tag for the Container - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - commander: - description: Commander is the image tag for the Container - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables for - the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image - type: string - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + licenseName: + description: LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: type: string - nodeSelector: - additionalProperties: - type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyService: + description: ProxyService is the image tag for the Container + type: string + redis: + description: Redis is the image tag for the Container + type: string + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + storageService: + description: StorageService is the image tag for the Container + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tolerations: + description: Tolerations is the list of tolerations for + the driver pods + items: description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyService: - description: ProxyService is the image tag for the Container - type: string - redis: - description: Redis is the image tag for the Container - type: string - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - storageService: - description: StorageService is the image tag for the Container - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - usePrivateCaCerts: - description: - UsePrivateCaCerts is used to specify private CA signed - certs - type: boolean - type: object - type: object - status: - description: - ApexConnectivityClientStatus defines the observed state of - ApexConnectivityClient - properties: - clientStatus: - description: ClientStatus is the status of Client pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the client installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + usePrivateCaCerts: + description: UsePrivateCaCerts is used to specify private CA signed + certs + type: boolean + type: object + type: object + status: + description: ApexConnectivityClientStatus defines the observed state of + ApexConnectivityClient + properties: + clientStatus: + description: ClientStatus is the status of Client pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the client installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/bundle/manifests/storage.dell.com_containerstoragemodules.yaml b/bundle/manifests/storage.dell.com_containerstoragemodules.yaml index ce75d071e..b3bb2c4ab 100644 --- a/bundle/manifests/storage.dell.com_containerstoragemodules.yaml +++ b/bundle/manifests/storage.dell.com_containerstoragemodules.yaml @@ -12,65 +12,815 @@ spec: listKind: ContainerStorageModuleList plural: containerstoragemodules shortNames: - - csm + - csm singular: containerstoragemodule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of CSIDriver - jsonPath: .spec.driver.csiDriverType - name: CSIDriverType - type: string - - description: Version of CSIDriver - jsonPath: .spec.driver.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: - ContainerStorageModule is the Schema for the containerstoragemodules - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule - properties: - driver: - description: Driver is a CSI Drivers for Dell Technologies - properties: - authSecret: - description: - AuthSecret is the name of the credentials secret - for the driver - type: string - common: - description: - Common is the common specification for both controller - and node plugins + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of CSIDriver + jsonPath: .spec.driver.csiDriverType + name: CSIDriverType + type: string + - description: Version of CSIDriver + jsonPath: .spec.driver.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ContainerStorageModule is the Schema for the containerstoragemodules + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule + properties: + driver: + description: Driver is a CSI Drivers for Dell Technologies + properties: + authSecret: + description: AuthSecret is the name of the credentials secret + for the driver + type: string + common: + description: Common is the common specification for both controller + and node plugins + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + configVersion: + description: ConfigVersion is the configuration version of the + driver + type: string + controller: + description: Controller is the specification for Controller plugin + only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + csiDriverSpec: + description: CSIDriverSpec is the specification for CSIDriver + properties: + fSGroupPolicy: + type: string + storageCapacity: + type: boolean + type: object + csiDriverType: + description: CSIDriverType is the CSI Driver type for Dell Technologies + - e.g, powermax, powerflex,... + type: string + dnsPolicy: + description: DNSPolicy is the dnsPolicy of the daemonset for Node + plugin + type: string + forceRemoveDriver: + description: ForceRemoveDriver is the boolean flag used to remove + driver deployment when CR is deleted + type: boolean + forceUpdate: + description: ForceUpdate is the boolean flag used to force an + update of the driver instance + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template properties: args: description: Args is the set of arguments for the container @@ -78,90 +828,74 @@ spec: type: string type: array authorizationController: - description: - AuthorizationController is the image tag for + description: AuthorizationController is the image tag for the container type: string authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: - CertificateAuthority is a certificate authority + description: CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller + description: The interval which the reconcile of each controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to + description: SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to + description: AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to + description: Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for + description: Envs is the set of environment variables for the container items: - description: - EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -177,9 +911,8 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -194,12 +927,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -208,17 +940,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in + description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -227,34 +957,30 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for volumes, - optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the + pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -264,42 +990,40 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server hostname + description: Hostname is the authorization proxy server + hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for + description: ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader + description: LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for app-mobility + description: LicenseName is the name of the license for + app-mobility type: string name: description: Name is the name of Container @@ -312,8 +1036,7 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -323,24 +1046,20 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress + description: ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value + description: Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -357,8 +1076,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -371,9 +1089,8 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for the - redis deployment + description: RedisReplicas is the number of replicas for + the redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -382,43 +1099,37 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip + description: skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for the - driver pods + description: Tolerations is the list of tolerations for + the driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -457,8 +1168,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -468,111 +1178,456 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - configVersion: - description: - ConfigVersion is the configuration version of the - driver - type: string - controller: - description: - Controller is the specification for Controller plugin - only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate + type: array + node: + description: Node is the specification for Node plugin only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + replicas: + description: Replicas is the count of controllers for Controller + plugin + format: int32 + type: integer + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller + description: The interval which the reconcile of each controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to + description: SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to + description: AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to + description: Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for + description: Envs is the set of environment variables for the container items: - description: - EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -588,9 +1643,8 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -605,12 +1659,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -619,17 +1672,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in + description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -638,34 +1689,30 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for volumes, - optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the + pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -675,42 +1722,40 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server hostname + description: Hostname is the authorization proxy server + hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for + description: ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader + description: LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for app-mobility + description: LicenseName is the name of the license for + app-mobility type: string name: description: Name is the name of Container @@ -723,8 +1768,7 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -734,24 +1778,20 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress + description: ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value + description: Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -768,8 +1808,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -782,9 +1821,8 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for the - redis deployment + description: RedisReplicas is the number of replicas for + the redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -793,43 +1831,37 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip + description: skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for the - driver pods + description: Tolerations is the list of tolerations for + the driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -868,8 +1900,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -879,41 +1910,40 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - csiDriverSpec: - description: CSIDriverSpec is the specification for CSIDriver + type: array + snapshotClass: + description: SnapshotClass is the specification for Snapshot Classes + items: + description: SnapshotClass struct properties: - fSGroupPolicy: + name: + description: Name is the name of the Snapshot Class type: string - storageCapacity: - type: boolean + parameters: + additionalProperties: + type: string + description: Parameters is a map of driver specific parameters + for snapshot class + type: object type: object - csiDriverType: - description: - CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - type: string - dnsPolicy: - description: - DNSPolicy is the dnsPolicy of the daemonset for Node - plugin - type: string - forceRemoveDriver: - description: - ForceRemoveDriver is the boolean flag used to remove - driver deployment when CR is deleted - type: boolean - forceUpdate: - description: - ForceUpdate is the boolean flag used to force an - update of the driver instance - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers + type: array + tlsCertSecret: + description: TLSCertSecret is the name of the TLS Cert secret + type: string + type: object + modules: + description: Modules is list of Container Storage Module modules you + want to deploy + items: + description: Module defines the desired state of a ContainerStorageModule + properties: + components: + description: Components is the specification for CSM components + containers items: description: ContainerTemplate template properties: @@ -923,90 +1953,74 @@ spec: type: string type: array authorizationController: - description: - AuthorizationController is the image tag for - the container + description: AuthorizationController is the image tag + for the container type: string authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: - CertificateAuthority is a certificate authority + description: CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run + description: The interval which the reconcile of each + controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to - access objectstore + description: SecretContents contains credentials + to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore + description: AccessKeyID is a name of key ID + to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to - deploy a module + description: Enabled is used to indicate wether or not + to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for - the container + description: Envs is the set of environment variables + for the container items: - description: - EnvVar represents an environment variable + description: EnvVar represents an environment variable present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -1022,8 +2036,7 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: @@ -1039,12 +2052,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1053,17 +2065,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in - the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1072,34 +2082,31 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for - volumes, optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the + description: Selects a key of a secret in the pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -1109,45 +2116,39 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or - its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: - Hostname is the authorization proxy server + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image + description: ImagePullPolicy is the image pull policy + for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader - election + description: LeaderElection is boolean flag to enable + leader election type: boolean licenseName: - description: - LicenseName is the name of the license for + description: LicenseName is the name of the license for app-mobility type: string name: @@ -1161,9 +2162,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility + description: ObjectStoreSecretName is the name of the + secret for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -1172,25 +2172,22 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress - configuration struct + description: ProxyServerIngress is the authorization + ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress + description: Annotations is an unstructured key + value map that stores additional annotations for + the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -1206,8 +2203,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -1220,53 +2216,47 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for + description: RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app mobility + description: ReplicaCount is the replica count for app + mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation + description: skipCertificateValidation is the flag to + skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for + description: Tolerations is the list of tolerations for the driver pods items: description: |- @@ -1306,8 +2296,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -1317,517 +2306,102 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - node: - description: Node is the specification for Node plugin only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables for - the container - items: - description: - EnvVar represents an environment variable present - in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for volumes, - optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - replicas: - description: - Replicas is the count of controllers for Controller - plugin - format: int32 - type: integer - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container + configVersion: + description: ConfigVersion is the configuration version of the + module + type: string + enabled: + description: Enabled is used to indicate whether or not to deploy + a module + type: boolean + forceRemoveModule: + description: ForceRemoveModule is the boolean flag used to remove + authorization proxy server deployment when CR is deleted + type: boolean + initContainer: + description: InitContainer is the specification for Module InitContainer + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag + for the container type: string authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: - CertificateAuthority is a certificate authority + description: CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run + description: The interval which the reconcile of each + controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to - access objectstore + description: SecretContents contains credentials + to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore + description: AccessKeyID is a name of key ID + to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to - deploy a module + description: Enabled is used to indicate wether or not + to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for - the container + description: Envs is the set of environment variables + for the container items: - description: - EnvVar represents an environment variable + description: EnvVar represents an environment variable present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -1843,8 +2417,7 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: @@ -1860,12 +2433,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1874,17 +2446,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in - the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1893,34 +2463,31 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for - volumes, optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the + description: Selects a key of a secret in the pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -1930,45 +2497,39 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or - its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: - Hostname is the authorization proxy server + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image + description: ImagePullPolicy is the image pull policy + for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader - election + description: LeaderElection is boolean flag to enable + leader election type: boolean licenseName: - description: - LicenseName is the name of the license for + description: LicenseName is the name of the license for app-mobility type: string name: @@ -1982,9 +2543,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility + description: ObjectStoreSecretName is the name of the + secret for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -1993,25 +2553,22 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress - configuration struct + description: ProxyServerIngress is the authorization + ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress + description: Annotations is an unstructured key + value map that stores additional annotations for + the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -2027,8 +2584,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -2041,53 +2597,47 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for + description: RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app mobility + description: ReplicaCount is the replica count for app + mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation + description: skipCertificateValidation is the flag to + skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for + description: Tolerations is the list of tolerations for the driver pods items: description: |- @@ -2127,8 +2677,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -2138,927 +2687,50 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - snapshotClass: - description: SnapshotClass is the specification for Snapshot Classes - items: - description: SnapshotClass struct - properties: - name: - description: Name is the name of the Snapshot Class - type: string - parameters: - additionalProperties: - type: string - description: - Parameters is a map of driver specific parameters - for snapshot class - type: object - type: object - type: array - tlsCertSecret: - description: TLSCertSecret is the name of the TLS Cert secret - type: string - type: object - modules: - description: - Modules is list of Container Storage Module modules you - want to deploy - items: - description: Module defines the desired state of a ContainerStorageModule - properties: - components: - description: - Components is the specification for CSM components - containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag - for the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each - controller is run - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials - to access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID - to access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not - to deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables - for the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: - Hostname is the authorization proxy server - hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy - for the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable - leader election - type: boolean - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the - secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization - ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: - Annotations is an unstructured key - value map that stores additional annotations for - the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for - the redis deployment - type: integer - replicaCount: - description: - ReplicaCount is the replica count for app - mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to - skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - configVersion: - description: - ConfigVersion is the configuration version of the - module - type: string - enabled: - description: - Enabled is used to indicate whether or not to deploy - a module - type: boolean - forceRemoveModule: - description: - ForceRemoveModule is the boolean flag used to remove - authorization proxy server deployment when CR is deleted - type: boolean - initContainer: - description: InitContainer is the specification for Module InitContainer - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag - for the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each - controller is run - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials - to access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID - to access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not - to deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables - for the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: - Hostname is the authorization proxy server - hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy - for the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable - leader election - type: boolean - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the - secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization - ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: - Annotations is an unstructured key - value map that stores additional annotations for - the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for - the redis deployment - type: integer - replicaCount: - description: - ReplicaCount is the replica count for app - mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to - skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - name: - description: Name is name of ContainerStorageModule modules - type: string - type: object - type: array - type: object - status: - description: - ContainerStorageModuleStatus defines the observed state of - ContainerStorageModule - properties: - controllerStatus: - description: ControllerStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - nodeStatus: - description: NodeStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: + name: + description: Name is name of ContainerStorageModule modules type: string type: object - state: - description: State is the state of the driver installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + status: + description: ContainerStorageModuleStatus defines the observed state of + ContainerStorageModule + properties: + controllerStatus: + description: ControllerStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + nodeStatus: + description: NodeStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the driver installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/bundle/tests/scorecard/config.yaml b/bundle/tests/scorecard/config.yaml index e6aa868bd..2cbf8825d 100644 --- a/bundle/tests/scorecard/config.yaml +++ b/bundle/tests/scorecard/config.yaml @@ -3,68 +3,68 @@ kind: Configuration metadata: name: config stages: - - parallel: true - tests: - - entrypoint: - - scorecard-test - - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: basic - test: basic-check-spec-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-bundle-validation-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-crds-have-validation-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-crds-have-resources-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-spec-descriptors-test - storage: - spec: - mountPath: {} - - entrypoint: - - scorecard-test - - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.13.1 - labels: - suite: olm - test: olm-status-descriptors-test - storage: - spec: - mountPath: {} +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.13.1 + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} storage: spec: mountPath: {} diff --git a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml index 052a9a741..805baca01 100644 --- a/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml +++ b/config/crd/bases/storage.dell.com_apexconnectivityclients.yaml @@ -12,60 +12,437 @@ spec: listKind: ApexConnectivityClientList plural: apexconnectivityclients shortNames: - - acc + - acc singular: apexconnectivityclient scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of Client - jsonPath: .spec.client.csmClientType - name: CSMClientType - type: string - - description: Version of Apex client - jsonPath: .spec.client.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: - ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient - properties: - client: - description: Client is a Apex Connectivity Client for Dell Technologies - properties: - common: - description: - Common is the common specification for both controller - and node plugins + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of Client + jsonPath: .spec.client.csmClientType + name: CSMClientType + type: string + - description: Version of Apex client + jsonPath: .spec.client.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient + properties: + client: + description: Client is a Apex Connectivity Client for Dell Technologies + properties: + common: + description: Common is the common specification for both controller + and node plugins + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + configVersion: + description: ConfigVersion is the configuration version of the + client + type: string + connectionTarget: + description: ConnectionTarget is the target that the client connects + to in the Dell datacenter + type: string + csmClientType: + description: ClientType is the Client type for Dell Technologies + - e.g, ApexConnectivityClient + type: string + forceRemoveClient: + description: ForceRemoveClient is the boolean flag used to remove + client deployment when CR is deleted + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template properties: args: description: Args is the set of arguments for the container @@ -73,90 +450,74 @@ spec: type: string type: array authorizationController: - description: - AuthorizationController is the image tag for + description: AuthorizationController is the image tag for the container type: string authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: - CertificateAuthority is a certificate authority + description: CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller + description: The interval which the reconcile of each controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to + description: SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to + description: AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to + description: Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for + description: Envs is the set of environment variables for the container items: - description: - EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -172,9 +533,8 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -189,12 +549,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -203,17 +562,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in + description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -222,34 +579,30 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for volumes, - optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the + pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -259,42 +612,40 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server hostname + description: Hostname is the authorization proxy server + hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for + description: ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader + description: LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for app-mobility + description: LicenseName is the name of the license for + app-mobility type: string name: description: Name is the name of Container @@ -307,8 +658,7 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -318,24 +668,20 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress + description: ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value + description: Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -352,8 +698,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -366,9 +711,8 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for the - redis deployment + description: RedisReplicas is the number of replicas for + the redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -377,43 +721,37 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip + description: skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for the - driver pods + description: Tolerations is the list of tolerations for + the driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -452,8 +790,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -463,881 +800,403 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - configVersion: - description: - ConfigVersion is the configuration version of the - client - type: string - connectionTarget: - description: - ConnectionTarget is the target that the client connects - to in the Dell datacenter - type: string - csmClientType: - description: - ClientType is the Client type for Dell Technologies - - e.g, ApexConnectivityClient - type: string - forceRemoveClient: - description: - ForceRemoveClient is the boolean flag used to remove - client deployment when CR is deleted - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables for - the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: - Hostname is the authorization proxy server - hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair + type: array + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for - the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server + hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for + app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables for - the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: - Hostname is the authorization proxy server - hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for + the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for + the driver pods + items: description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for - the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - usePrivateCaCerts: - description: - UsePrivateCaCerts is used to specify private CA signed - certs - type: boolean - type: object - type: object - status: - description: - ApexConnectivityClientStatus defines the observed state of - ApexConnectivityClient - properties: - clientStatus: - description: ClientStatus is the status of Client pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the client installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + type: array + usePrivateCaCerts: + description: UsePrivateCaCerts is used to specify private CA signed + certs + type: boolean + type: object + type: object + status: + description: ApexConnectivityClientStatus defines the observed state of + ApexConnectivityClient + properties: + clientStatus: + description: ClientStatus is the status of Client pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the client installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml index 2a3d0f88f..a6fe0d00f 100644 --- a/config/crd/bases/storage.dell.com_containerstoragemodules.yaml +++ b/config/crd/bases/storage.dell.com_containerstoragemodules.yaml @@ -12,65 +12,815 @@ spec: listKind: ContainerStorageModuleList plural: containerstoragemodules shortNames: - - csm + - csm singular: containerstoragemodule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of CSIDriver - jsonPath: .spec.driver.csiDriverType - name: CSIDriverType - type: string - - description: Version of CSIDriver - jsonPath: .spec.driver.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: - ContainerStorageModule is the Schema for the containerstoragemodules - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule - properties: - driver: - description: Driver is a CSI Drivers for Dell Technologies - properties: - authSecret: - description: - AuthSecret is the name of the credentials secret - for the driver - type: string - common: - description: - Common is the common specification for both controller - and node plugins + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of CSIDriver + jsonPath: .spec.driver.csiDriverType + name: CSIDriverType + type: string + - description: Version of CSIDriver + jsonPath: .spec.driver.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ContainerStorageModule is the Schema for the containerstoragemodules + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule + properties: + driver: + description: Driver is a CSI Drivers for Dell Technologies + properties: + authSecret: + description: AuthSecret is the name of the credentials secret + for the driver + type: string + common: + description: Common is the common specification for both controller + and node plugins + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + configVersion: + description: ConfigVersion is the configuration version of the + driver + type: string + controller: + description: Controller is the specification for Controller plugin + only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + csiDriverSpec: + description: CSIDriverSpec is the specification for CSIDriver + properties: + fSGroupPolicy: + type: string + storageCapacity: + type: boolean + type: object + csiDriverType: + description: CSIDriverType is the CSI Driver type for Dell Technologies + - e.g, powermax, powerflex,... + type: string + dnsPolicy: + description: DNSPolicy is the dnsPolicy of the daemonset for Node + plugin + type: string + forceRemoveDriver: + description: ForceRemoveDriver is the boolean flag used to remove + driver deployment when CR is deleted + type: boolean + forceUpdate: + description: ForceUpdate is the boolean flag used to force an + update of the driver instance + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template properties: args: description: Args is the set of arguments for the container @@ -78,90 +828,74 @@ spec: type: string type: array authorizationController: - description: - AuthorizationController is the image tag for + description: AuthorizationController is the image tag for the container type: string authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: - CertificateAuthority is a certificate authority + description: CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller + description: The interval which the reconcile of each controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to + description: SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to + description: AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to + description: Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for + description: Envs is the set of environment variables for the container items: - description: - EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -177,9 +911,8 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -194,12 +927,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -208,17 +940,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in + description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -227,34 +957,30 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for volumes, - optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the + pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -264,42 +990,40 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server hostname + description: Hostname is the authorization proxy server + hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for + description: ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader + description: LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for app-mobility + description: LicenseName is the name of the license for + app-mobility type: string name: description: Name is the name of Container @@ -312,8 +1036,7 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -323,24 +1046,20 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress + description: ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value + description: Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -357,8 +1076,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -371,9 +1089,8 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for the - redis deployment + description: RedisReplicas is the number of replicas for + the redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -382,43 +1099,37 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip + description: skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for the - driver pods + description: Tolerations is the list of tolerations for + the driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -457,8 +1168,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -468,111 +1178,456 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - configVersion: - description: - ConfigVersion is the configuration version of the - driver - type: string - controller: - description: - Controller is the specification for Controller plugin - only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate + type: array + node: + description: Node is the specification for Node plugin only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller + is run + type: string + credentials: + description: ComponentCred is to store the velero credential + contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether + or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains + credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to + access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to + access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access + objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent + services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to + deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for + the container + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for + the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret + path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader + election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret + for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key + pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy + server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress + configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value + map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas + for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the + redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas + for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip + certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas + for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy + server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas + for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the + driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot + is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero + is installed in + type: string + type: object + replicas: + description: Replicas is the count of controllers for Controller + plugin + format: int32 + type: integer + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for + the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number + of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key + pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority + used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller + description: The interval which the reconcile of each controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore + description: CreateWithInstall is used to indicate + wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to + description: SecretContents contains credentials to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to + description: AccessKeyID is a name of key ID to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to + description: Enabled is used to indicate wether or not to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for + description: Envs is the set of environment variables for the container items: - description: - EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable + present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -588,9 +1643,8 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. @@ -605,12 +1659,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap or - its key must be defined + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -619,17 +1672,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in + description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -638,34 +1689,30 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for volumes, - optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace + description: Selects a key of a secret in the + pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -675,42 +1722,40 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or its - key must be defined + description: Specify whether the Secret or + its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: Hostname is the authorization proxy server hostname + description: Hostname is the authorization proxy server + hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for + description: ImagePullPolicy is the image pull policy for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader + description: LeaderElection is boolean flag to enable leader election type: boolean licenseName: - description: LicenseName is the name of the license for app-mobility + description: LicenseName is the name of the license for + app-mobility type: string name: description: Name is the name of Container @@ -723,8 +1768,7 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string opa: @@ -734,24 +1778,20 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress + description: ProxyServerIngress is the authorization ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value + description: Annotations is an unstructured key value map that stores additional annotations for the ingress type: object hosts: @@ -768,8 +1808,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -782,9 +1821,8 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for the - redis deployment + description: RedisReplicas is the number of replicas for + the redis deployment type: integer replicaCount: description: ReplicaCount is the replica count for app mobility @@ -793,43 +1831,37 @@ spec: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip + description: skipCertificateValidation is the flag to skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for the - driver pods + description: Tolerations is the list of tolerations for + the driver pods items: description: |- The pod this Toleration is attached to tolerates any taint that matches @@ -868,8 +1900,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -879,41 +1910,40 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - csiDriverSpec: - description: CSIDriverSpec is the specification for CSIDriver + type: array + snapshotClass: + description: SnapshotClass is the specification for Snapshot Classes + items: + description: SnapshotClass struct properties: - fSGroupPolicy: + name: + description: Name is the name of the Snapshot Class type: string - storageCapacity: - type: boolean + parameters: + additionalProperties: + type: string + description: Parameters is a map of driver specific parameters + for snapshot class + type: object type: object - csiDriverType: - description: - CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - type: string - dnsPolicy: - description: - DNSPolicy is the dnsPolicy of the daemonset for Node - plugin - type: string - forceRemoveDriver: - description: - ForceRemoveDriver is the boolean flag used to remove - driver deployment when CR is deleted - type: boolean - forceUpdate: - description: - ForceUpdate is the boolean flag used to force an - update of the driver instance - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers + type: array + tlsCertSecret: + description: TLSCertSecret is the name of the TLS Cert secret + type: string + type: object + modules: + description: Modules is list of Container Storage Module modules you + want to deploy + items: + description: Module defines the desired state of a ContainerStorageModule + properties: + components: + description: Components is the specification for CSM components + containers items: description: ContainerTemplate template properties: @@ -923,90 +1953,74 @@ spec: type: string type: array authorizationController: - description: - AuthorizationController is the image tag for - the container + description: AuthorizationController is the image tag + for the container type: string authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: - CertificateAuthority is a certificate authority + description: CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run + description: The interval which the reconcile of each + controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to - access objectstore + description: SecretContents contains credentials + to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore + description: AccessKeyID is a name of key ID + to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to - deploy a module + description: Enabled is used to indicate wether or not + to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for - the container + description: Envs is the set of environment variables + for the container items: - description: - EnvVar represents an environment variable + description: EnvVar represents an environment variable present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -1022,8 +2036,7 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: @@ -1039,12 +2052,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1053,17 +2065,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in - the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1072,34 +2082,31 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for - volumes, optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the + description: Selects a key of a secret in the pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -1109,45 +2116,39 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or - its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: - Hostname is the authorization proxy server + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image + description: ImagePullPolicy is the image pull policy + for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader - election + description: LeaderElection is boolean flag to enable + leader election type: boolean licenseName: - description: - LicenseName is the name of the license for + description: LicenseName is the name of the license for app-mobility type: string name: @@ -1161,9 +2162,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility + description: ObjectStoreSecretName is the name of the + secret for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -1172,25 +2172,22 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress - configuration struct + description: ProxyServerIngress is the authorization + ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress + description: Annotations is an unstructured key + value map that stores additional annotations for + the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -1206,8 +2203,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -1220,53 +2216,47 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for + description: RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app mobility + description: ReplicaCount is the replica count for app + mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation + description: skipCertificateValidation is the flag to + skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for + description: Tolerations is the list of tolerations for the driver pods items: description: |- @@ -1306,8 +2296,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -1317,517 +2306,102 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - node: - description: Node is the specification for Node plugin only - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate wether - or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials to - access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not to - deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables for - the container - items: - description: - EnvVar represents an environment variable present - in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for volumes, - optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the pod's - namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable leader - election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization ingress - configuration struct - properties: - annotations: - additionalProperties: - type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for the - redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for the - driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - replicas: - description: - Replicas is the count of controllers for Controller - plugin - format: int32 - type: integer - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag for - the container + configVersion: + description: ConfigVersion is the configuration version of the + module + type: string + enabled: + description: Enabled is used to indicate whether or not to deploy + a module + type: boolean + forceRemoveModule: + description: ForceRemoveModule is the boolean flag used to remove + authorization proxy server deployment when CR is deleted + type: boolean + initContainer: + description: InitContainer is the specification for Module InitContainer + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag + for the container type: string authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment type: integer certificate: - description: - Certificate is a certificate used for a certificate/private-key + description: Certificate is a certificate used for a certificate/private-key pair type: string certificateAuthority: - description: - CertificateAuthority is a certificate authority + description: CertificateAuthority is a certificate authority used to validate a certificate type: string commander: description: Commander is the image tag for the Container type: string controllerReconcileInterval: - description: - The interval which the reconcile of each controller - is run + description: The interval which the reconcile of each + controller is run type: string credentials: - description: - ComponentCred is to store the velero credential + description: ComponentCred is to store the velero credential contents items: description: Credential struct properties: createWithInstall: - description: - CreateWithInstall is used to indicate + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore type: boolean name: - description: - Name is the name of secret which contains + description: Name is the name of secret which contains credentials to access objectstore type: string secretContents: - description: - SecretContents contains credentials to - access objectstore + description: SecretContents contains credentials + to access objectstore properties: aws_access_key_id: - description: - AccessKeyID is a name of key ID to - access objectstore + description: AccessKeyID is a name of key ID + to access objectstore type: string aws_secret_access_key: - description: - AccessKey contains the key to access + description: AccessKey contains the key to access objectstore type: string type: object type: object type: array deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent + description: DeployNodeAgent is to enable/disable node-agent services type: boolean enabled: - description: - Enabled is used to indicate wether or not to - deploy a module + description: Enabled is used to indicate wether or not + to deploy a module type: boolean envs: - description: - Envs is the set of environment variables for - the container + description: Envs is the set of environment variables + for the container items: - description: - EnvVar represents an environment variable + description: EnvVar represents an environment variable present in a Container. properties: name: - description: - Name of the environment variable. Must + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: @@ -1843,8 +2417,7 @@ spec: Defaults to "". type: string valueFrom: - description: - Source for the environment variable's + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: @@ -1860,12 +2433,11 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the ConfigMap + description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1874,17 +2446,15 @@ spec: spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: - description: - Version of the schema the FieldPath + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: - description: - Path of the field to select in - the specified API version. + description: Path of the field to select + in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1893,34 +2463,31 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: - "Container name: required for - volumes, optional for env vars" + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string - description: - Specifies the output format of - the exposed resources, defaults to "1" + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: - Selects a key of a secret in the + description: Selects a key of a secret in the pod's namespace properties: key: - description: - The key of the secret to select + description: The key of the secret to select from. Must be a valid secret key. type: string name: @@ -1930,45 +2497,39 @@ spec: TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: - description: - Specify whether the Secret or - its key must be defined + description: Specify whether the Secret + or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: - description: - Hostname is the authorization proxy server + description: Hostname is the authorization proxy server hostname type: string image: description: Image is the image tag for the Container type: string imagePullPolicy: - description: - ImagePullPolicy is the image pull policy for - the image + description: ImagePullPolicy is the image pull policy + for the image type: string kvEnginePath: - description: - kvEnginePath is the Authorization vault secret + description: kvEnginePath is the Authorization vault secret path type: string leaderElection: - description: - LeaderElection is boolean flag to enable leader - election + description: LeaderElection is boolean flag to enable + leader election type: boolean licenseName: - description: - LicenseName is the name of the license for + description: LicenseName is the name of the license for app-mobility type: string name: @@ -1982,9 +2543,8 @@ spec: Selector which must match a node's labels for the pod to be scheduled on that node. type: object objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the secret - for the object store for app-mobility + description: ObjectStoreSecretName is the name of the + secret for the object store for app-mobility type: string opa: description: Opa is the image tag for the Container @@ -1993,25 +2553,22 @@ spec: description: OpaKubeMgmt is the image tag for the Container type: string privateKey: - description: - PrivateKey is a private key used for a certificate/private-key + description: PrivateKey is a private key used for a certificate/private-key pair type: string proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy + description: ProxyServerIngress is the authorization proxy server ingress configuration items: - description: - ProxyServerIngress is the authorization ingress - configuration struct + description: ProxyServerIngress is the authorization + ingress configuration struct properties: annotations: additionalProperties: type: string - description: - Annotations is an unstructured key value - map that stores additional annotations for the ingress + description: Annotations is an unstructured key + value map that stores additional annotations for + the ingress type: object hosts: description: Hosts is the hosts rules for the ingress @@ -2027,8 +2584,7 @@ spec: description: ProxyService is the image tag for the Container type: string proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment type: integer redis: @@ -2041,53 +2597,47 @@ spec: description: RedisName is the name of the redis statefulset type: string redisReplicas: - description: - RedisReplicas is the number of replicas for + description: RedisReplicas is the number of replicas for the redis deployment type: integer replicaCount: - description: ReplicaCount is the replica count for app mobility + description: ReplicaCount is the replica count for app + mobility type: string roleService: description: RoleService is the image tag for the Container type: string roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas + description: RoleServiceReplicas is the number of replicas for the role service deployment type: integer sentinel: description: Sentinel is the name of the sentinel statefulSet type: string skipCertificateValidation: - description: - skipCertificateValidation is the flag to skip - certificate validation + description: skipCertificateValidation is the flag to + skip certificate validation type: boolean storageService: description: StorageService is the image tag for the Container type: string storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas + description: StorageServiceReplicas is the number of replicas for storage service deployment type: integer storageclass: - description: - RedisStorageClass is the authorization proxy + description: RedisStorageClass is the authorization proxy server redis storage class for persistence type: string tenantService: description: TenantService is the image tag for the Container type: string tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas + description: TenantServiceReplicas is the number of replicas for the tenant service deployment type: integer tolerations: - description: - Tolerations is the list of tolerations for + description: Tolerations is the list of tolerations for the driver pods items: description: |- @@ -2127,8 +2677,7 @@ spec: type: object type: array useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot + description: UseSnapshot is to check whether volume snapshot is enabled under velero component type: boolean vaultAddress: @@ -2138,924 +2687,47 @@ spec: description: VaultRole is the role for the vault type: string veleroNamespace: - description: - VeleroNamespace is the namespace that Velero + description: VeleroNamespace is the namespace that Velero is installed in type: string type: object type: array - snapshotClass: - description: SnapshotClass is the specification for Snapshot Classes - items: - description: SnapshotClass struct - properties: - name: - description: Name is the name of the Snapshot Class - type: string - parameters: - additionalProperties: - type: string - description: - Parameters is a map of driver specific parameters - for snapshot class - type: object - type: object - type: array - tlsCertSecret: - description: TLSCertSecret is the name of the TLS Cert secret - type: string - type: object - modules: - description: - Modules is list of Container Storage Module modules you - want to deploy - items: - description: Module defines the desired state of a ContainerStorageModule - properties: - components: - description: - Components is the specification for CSM components - containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag - for the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each - controller is run - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials - to access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID - to access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not - to deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables - for the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: - Hostname is the authorization proxy server - hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy - for the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable - leader election - type: boolean - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the - secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization - ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: - Annotations is an unstructured key - value map that stores additional annotations for - the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for - the redis deployment - type: integer - replicaCount: - description: - ReplicaCount is the replica count for app - mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to - skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - configVersion: - description: - ConfigVersion is the configuration version of the - module - type: string - enabled: - description: - Enabled is used to indicate whether or not to deploy - a module - type: boolean - forceRemoveModule: - description: - ForceRemoveModule is the boolean flag used to remove - authorization proxy server deployment when CR is deleted - type: boolean - initContainer: - description: InitContainer is the specification for Module InitContainer - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: - AuthorizationController is the image tag - for the container - type: string - authorizationControllerReplicas: - description: - AuthorizationControllerReplicas is the number - of replicas for the authorization controller deployment - type: integer - certificate: - description: - Certificate is a certificate used for a certificate/private-key - pair - type: string - certificateAuthority: - description: - CertificateAuthority is a certificate authority - used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: - The interval which the reconcile of each - controller is run - type: string - credentials: - description: - ComponentCred is to store the velero credential - contents - items: - description: Credential struct - properties: - createWithInstall: - description: - CreateWithInstall is used to indicate - wether or not to create a secret for objectstore - type: boolean - name: - description: - Name is the name of secret which contains - credentials to access objectstore - type: string - secretContents: - description: - SecretContents contains credentials - to access objectstore - properties: - aws_access_key_id: - description: - AccessKeyID is a name of key ID - to access objectstore - type: string - aws_secret_access_key: - description: - AccessKey contains the key to access - objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: - DeployNodeAgent is to enable/disable node-agent - services - type: boolean - enabled: - description: - Enabled is used to indicate wether or not - to deploy a module - type: boolean - envs: - description: - Envs is the set of environment variables - for the container - items: - description: - EnvVar represents an environment variable - present in a Container. - properties: - name: - description: - Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: - Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: - Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: - Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: - "Container name: required for - volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: - Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: - Selects a key of a secret in the - pod's namespace - properties: - key: - description: - The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: - Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: - Hostname is the authorization proxy server - hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: - ImagePullPolicy is the image pull policy - for the image - type: string - kvEnginePath: - description: - kvEnginePath is the Authorization vault secret - path - type: string - leaderElection: - description: - LeaderElection is boolean flag to enable - leader election - type: boolean - licenseName: - description: - LicenseName is the name of the license for - app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: - ObjectStoreSecretName is the name of the - secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: - PrivateKey is a private key used for a certificate/private-key - pair - type: string - proxyServerIngress: - description: - ProxyServerIngress is the authorization proxy - server ingress configuration - items: - description: - ProxyServerIngress is the authorization - ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: - Annotations is an unstructured key - value map that stores additional annotations for - the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: - ProxyServiceReplicas is the number of replicas - for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: - RedisReplicas is the number of replicas for - the redis deployment - type: integer - replicaCount: - description: - ReplicaCount is the replica count for app - mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: - RoleServiceReplicas is the number of replicas - for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: - skipCertificateValidation is the flag to - skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: - StorageServiceReplicas is the number of replicas - for storage service deployment - type: integer - storageclass: - description: - RedisStorageClass is the authorization proxy - server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: - TenantServiceReplicas is the number of replicas - for the tenant service deployment - type: integer - tolerations: - description: - Tolerations is the list of tolerations for - the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: - UseSnapshot is to check whether volume snapshot - is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: - VeleroNamespace is the namespace that Velero - is installed in - type: string - type: object - type: array - name: - description: Name is name of ContainerStorageModule modules - type: string - type: object - type: array - type: object - status: - description: - ContainerStorageModuleStatus defines the observed state of - ContainerStorageModule - properties: - controllerStatus: - description: ControllerStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - nodeStatus: - description: NodeStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: + name: + description: Name is name of ContainerStorageModule modules type: string type: object - state: - description: State is the state of the driver installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + status: + description: ContainerStorageModuleStatus defines the observed state of + ContainerStorageModule + properties: + controllerStatus: + description: ControllerStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + nodeStatus: + description: NodeStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the driver installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index eb45148d9..9430b0e0c 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -2,8 +2,8 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: - - bases/storage.dell.com_containerstoragemodules.yaml - - bases/storage.dell.com_apexconnectivityclients.yaml +- bases/storage.dell.com_containerstoragemodules.yaml +- bases/storage.dell.com_apexconnectivityclients.yaml #+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -19,4 +19,4 @@ patchesStrategicMerge: # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: - - kustomizeconfig.yaml +- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml index c1418ddee..ec5c150a9 100644 --- a/config/crd/kustomizeconfig.yaml +++ b/config/crd/kustomizeconfig.yaml @@ -1,19 +1,19 @@ # This file is for teaching kustomize how to substitute name and namespace reference in CRD nameReference: - - kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: +- kind: Service + version: v1 + fieldSpecs: - kind: CustomResourceDefinition version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false + path: spec/conversion/webhook/clientConfig/service/name + +namespace: +- kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false varReference: - - path: metadata/annotations +- path: metadata/annotations diff --git a/config/crd/patches/webhook_in_csms.yaml b/config/crd/patches/webhook_in_csms.yaml index 7c3ef98af..94d4ca0cd 100644 --- a/config/crd/patches/webhook_in_csms.yaml +++ b/config/crd/patches/webhook_in_csms.yaml @@ -13,4 +13,4 @@ spec: name: webhook-service path: /convert conversionReviewVersions: - - v1 + - v1 diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index a83f4b1bc..0c6f5220e 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -13,10 +13,10 @@ namePrefix: dell-csm-operator- # someName: someValue bases: - - ../crd - - ../serviceaccount - - ../rbac - - ../manager +- ../crd +- ../serviceaccount +- ../rbac +- ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- ../webhook @@ -26,10 +26,10 @@ bases: #- ../prometheus patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. - - manager_auth_proxy_patch.yaml +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. +- manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index fafeb381a..4e2232fa1 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -9,19 +9,19 @@ spec: template: spec: containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - protocol: TCP - name: https - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + protocol: TCP + name: https + - name: manager + args: + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml index 68563ebf1..6c400155c 100644 --- a/config/default/manager_config_patch.yaml +++ b/config/default/manager_config_patch.yaml @@ -7,14 +7,14 @@ spec: template: spec: containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: - name: manager-config - configMap: - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml + volumes: + - name: manager-config + configMap: + name: manager-config diff --git a/config/install/kustomization.yaml b/config/install/kustomization.yaml index 6b4d57c14..531693b17 100644 --- a/config/install/kustomization.yaml +++ b/config/install/kustomization.yaml @@ -7,9 +7,9 @@ namePrefix: dell-csm-operator- # someName: someValue bases: - - ../serviceaccount - - ../rbac - - ../manager +- ../serviceaccount +- ../rbac +- ../manager images: - name: controller diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index dba370b72..2572bb2a3 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,16 +1,16 @@ resources: - - manager.yaml +- manager.yaml generatorOptions: disableNameSuffixHash: true configMapGenerator: - - files: - - controller_manager_config.yaml - name: manager-config +- files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - - name: controller - newName: docker.io/dellemc/dell-csm-operator - newTag: v1.6.1 +- name: controller + newName: docker.io/dellemc/dell-csm-operator + newTag: v1.6.1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 9a6c35d42..b18af8bf1 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -21,87 +21,87 @@ spec: securityContext: runAsNonRoot: true containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - imagePullPolicy: Always - name: manager - env: - - value: docker.io/dellemc/dell-csm-operator:v1.6.0 - name: RELATED_IMAGE_dell-csm-operator - - value: docker.io/dellemc/csi-isilon:v2.11.0 - name: RELATED_IMAGE_csi-isilon - - value: docker.io/dellemc/csi-powermax:v2.11.0 - name: RELATED_IMAGE_csi-powermax - - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: RELATED_IMAGE_csipowermax-reverseproxy - - value: docker.io/dellemc/csi-powerstore:v2.11.1 - name: RELATED_IMAGE_csi-powerstore - - value: docker.io/dellemc/csi-unity:v2.11.1 - name: RELATED_IMAGE_csi-unity - - value: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: RELATED_IMAGE_csi-vxflexos - - value: docker.io/dellemc/sdc:4.5.2.1 - name: RELATED_IMAGE_sdc - - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - name: RELATED_IMAGE_karavi-authorization-proxy - - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 - name: RELATED_IMAGE_dell-csi-replicator - - value: docker.io/dellemc/dell-replication-controller:v1.9.0 - name: RELATED_IMAGE_dell-replication-controller-manager - - value: docker.io/dellemc/csm-topology:v1.9.0 - name: RELATED_IMAGE_topology - - value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_otel-collector - - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - name: RELATED_IMAGE_metrics-powerscale - - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - name: RELATED_IMAGE_metrics-powermax - - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - name: RELATED_IMAGE_metrics-powerflex - - value: docker.io/dellemc/podmon:v1.10.0 - name: RELATED_IMAGE_podmon-node - - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: RELATED_IMAGE_kube-rbac-proxy - - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - name: RELATED_IMAGE_attacher - - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - name: RELATED_IMAGE_provisioner - - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - name: RELATED_IMAGE_snapshotter - - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - name: RELATED_IMAGE_registrar - - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - name: RELATED_IMAGE_resizer - - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - name: RELATED_IMAGE_externalhealthmonitorcontroller - - value: dellemc/csi-metadata-retriever:v1.8.0 - name: RELATED_IMAGE_metadataretriever - - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: RELATED_IMAGE_dell-connectivity-client - - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - name: RELATED_IMAGE_cert-persister - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 192Mi + - command: + - /manager + args: + - --leader-elect + image: controller:latest + imagePullPolicy: Always + name: manager + env: + - value: docker.io/dellemc/dell-csm-operator:v1.6.0 + name: RELATED_IMAGE_dell-csm-operator + - value: docker.io/dellemc/csi-isilon:v2.11.0 + name: RELATED_IMAGE_csi-isilon + - value: docker.io/dellemc/csi-powermax:v2.11.0 + name: RELATED_IMAGE_csi-powermax + - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + name: RELATED_IMAGE_csipowermax-reverseproxy + - value: docker.io/dellemc/csi-powerstore:v2.11.1 + name: RELATED_IMAGE_csi-powerstore + - value: docker.io/dellemc/csi-unity:v2.11.1 + name: RELATED_IMAGE_csi-unity + - value: docker.io/dellemc/csi-vxflexos:v2.11.0 + name: RELATED_IMAGE_csi-vxflexos + - value: docker.io/dellemc/sdc:4.5.2.1 + name: RELATED_IMAGE_sdc + - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + name: RELATED_IMAGE_karavi-authorization-proxy + - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 + name: RELATED_IMAGE_dell-csi-replicator + - value: docker.io/dellemc/dell-replication-controller:v1.9.0 + name: RELATED_IMAGE_dell-replication-controller-manager + - value: docker.io/dellemc/csm-topology:v1.9.0 + name: RELATED_IMAGE_topology + - value: docker.io/otel/opentelemetry-collector:0.42.0 + name: RELATED_IMAGE_otel-collector + - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + name: RELATED_IMAGE_metrics-powerscale + - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + name: RELATED_IMAGE_metrics-powermax + - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + name: RELATED_IMAGE_metrics-powerflex + - value: docker.io/dellemc/podmon:v1.10.0 + name: RELATED_IMAGE_podmon-node + - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: RELATED_IMAGE_kube-rbac-proxy + - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + name: RELATED_IMAGE_attacher + - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + name: RELATED_IMAGE_provisioner + - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + name: RELATED_IMAGE_snapshotter + - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + name: RELATED_IMAGE_registrar + - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + name: RELATED_IMAGE_resizer + - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + name: RELATED_IMAGE_externalhealthmonitorcontroller + - value: dellemc/csi-metadata-retriever:v1.8.0 + name: RELATED_IMAGE_metadataretriever + - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + name: RELATED_IMAGE_dell-connectivity-client + - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + name: RELATED_IMAGE_cert-persister + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 192Mi terminationGracePeriodSeconds: 10 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index bb2b8ee06..87fa864ec 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -2,7 +2,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: annotations: - alm-examples: "[]" + alm-examples: '[]' capabilities: Seamless Upgrades categories: Storage containerImage: docker.io/dellemc/dell-csm-operator:v1.6.1 @@ -23,2107 +23,1935 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: - ApexConnectivityClient is the Schema for the ApexConnectivityClient - API - displayName: Apex Connectivity Client - kind: ApexConnectivityClient - name: apexconnectivityclients.storage.dell.com - specDescriptors: - - description: - Common is the common specification for both controller and node - plugins - displayName: Common specification - path: client.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.common.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.common.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.common.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.common.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.common.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.common.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.common.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.common.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.common.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.common.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.common.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.common.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.common.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.common.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.common.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.common.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.common.veleroNamespace - - description: ConfigVersion is the configuration version of the client - displayName: Config Version - path: client.configVersion - - description: - ConnectionTarget is the target that the client connects to in - the Dell datacenter - displayName: Connection Target - path: client.connectionTarget - - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient - displayName: Client Type - path: client.csmClientType - - description: - ForceRemoveClient is the boolean flag used to remove client deployment - when CR is deleted - displayName: Force Remove Client - path: client.forceRemoveClient - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.initContainers[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.initContainers[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.initContainers[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.initContainers[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.initContainers[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.initContainers[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.initContainers[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.initContainers[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.initContainers[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.initContainers[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.initContainers[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.initContainers[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.initContainers[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.initContainers[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.initContainers[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.initContainers[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.initContainers[0].veleroNamespace - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: client.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: client.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: client.sideCars[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: client.sideCars[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: client.sideCars[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: client.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: client.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: client.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: client.sideCars[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: client.sideCars[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: client.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: client.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: client.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: client.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: client.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: client.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: client.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: client.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: client.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: client.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: client.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: client.sideCars[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: client.sideCars[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: client.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: client.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: client.sideCars[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: client.sideCars[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: client.sideCars[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: client.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: client.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: client.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: client.sideCars[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: client.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: client.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: client.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: client.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: client.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: client.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: client.sideCars[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: client.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: client.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: client.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: client.sideCars[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: client.sideCars[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: client.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: client.sideCars[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: client.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: client.sideCars[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: client.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: client.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: client.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: client.sideCars[0].veleroNamespace - - description: UsePrivateCaCerts is used to specify private CA signed certs - displayName: Use Private CA Certs - path: client.usePrivateCaCerts - - description: State is the state of the client installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - - description: - ContainerStorageModule is the Schema for the containerstoragemodules - API - displayName: Container Storage Module - kind: ContainerStorageModule - name: containerstoragemodules.storage.dell.com - specDescriptors: - - description: AuthSecret is the name of the credentials secret for the driver - displayName: Auth Secret - path: driver.authSecret - - description: - Common is the common specification for both controller and node - plugins - displayName: Common specification - path: driver.common - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.common.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.common.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.common.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.common.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.common.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.common.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.common.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.common.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.common.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.common.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.common.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.common.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.common.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.common.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.common.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.common.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.common.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.common.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.common.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.common.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.common.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.common.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.common.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.common.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.common.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.common.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.common.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.common.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.common.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.common.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.common.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.common.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.common.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.common.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.common.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.common.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.common.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.common.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.common.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.common.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.common.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.common.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.common.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.common.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.common.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.common.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.common.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.common.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.common.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.common.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.common.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.common.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.common.veleroNamespace - - description: ConfigVersion is the configuration version of the driver - displayName: Config Version - path: driver.configVersion - - description: Controller is the specification for Controller plugin only - displayName: Controller Specification - path: driver.controller - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.controller.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.controller.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.controller.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.controller.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.controller.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.controller.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.controller.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.controller.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.controller.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.controller.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.controller.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.controller.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.controller.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.controller.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.controller.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.controller.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.controller.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.controller.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.controller.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.controller.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.controller.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.controller.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.controller.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.controller.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.controller.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.controller.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.controller.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.controller.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.controller.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.controller.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.controller.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.controller.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.controller.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.controller.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.controller.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.controller.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.controller.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.controller.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.controller.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.controller.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.controller.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.controller.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.controller.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.controller.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.controller.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.controller.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.controller.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.controller.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.controller.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.controller.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.controller.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.controller.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.controller.veleroNamespace - - description: CSIDriverSpec is the specification for CSIDriver - displayName: CSI Driver Spec - path: driver.csiDriverSpec - - description: - CSIDriverType is the CSI Driver type for Dell Technologies - - e.g, powermax, powerflex,... - displayName: CSI Driver Type - path: driver.csiDriverType - - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin - displayName: DNSPolicy - path: driver.dnsPolicy - - description: - ForceRemoveDriver is the boolean flag used to remove driver deployment - when CR is deleted - displayName: Force Remove Driver - path: driver.forceRemoveDriver - - description: - ForceUpdate is the boolean flag used to force an update of the - driver instance - displayName: Force update - path: driver.forceUpdate - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.initContainers[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.initContainers[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.initContainers[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.initContainers[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.initContainers[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.initContainers[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.initContainers[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.initContainers[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.initContainers[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.initContainers[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.initContainers[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.initContainers[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.initContainers[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.initContainers[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.initContainers[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.initContainers[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.initContainers[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.initContainers[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.initContainers[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.initContainers[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.initContainers[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.initContainers[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.initContainers[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.initContainers[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.initContainers[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.initContainers[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.initContainers[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.initContainers[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.initContainers[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.initContainers[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.initContainers[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.initContainers[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.initContainers[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.initContainers[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.initContainers[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.initContainers[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.initContainers[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.initContainers[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.initContainers[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.initContainers[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.initContainers[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.initContainers[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.initContainers[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.initContainers[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.initContainers[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.initContainers[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.initContainers[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.initContainers[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.initContainers[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.initContainers[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.initContainers[0].veleroNamespace - - description: Node is the specification for Node plugin only - displayName: Node specification - path: driver.node - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.node.args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.node.authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.node.authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.node.certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.node.certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.node.commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.node.controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.node.credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.node.credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.node.credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.node.credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.node.credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.node.credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.node.deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.node.enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.node.envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.node.hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.node.image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.node.imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.node.kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.node.leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.node.licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.node.name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.node.nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.node.objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.node.opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.node.opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.node.privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.node.proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.node.proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.node.proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.node.proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.node.proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.node.proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.node.redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.node.redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.node.redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.node.redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.node.replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.node.roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.node.roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.node.sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.node.skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.node.storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.node.storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.node.storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.node.tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.node.tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.node.tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.node.useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.node.vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.node.vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.node.veleroNamespace - - description: Replicas is the count of controllers for Controller plugin - displayName: Controller count - path: driver.replicas - - description: SideCars is the specification for CSI sidecar containers - displayName: CSI SideCars specification - path: driver.sideCars - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: driver.sideCars[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: driver.sideCars[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: driver.sideCars[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: driver.sideCars[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: driver.sideCars[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: driver.sideCars[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: driver.sideCars[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: driver.sideCars[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: driver.sideCars[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: driver.sideCars[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: driver.sideCars[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: driver.sideCars[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: driver.sideCars[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: driver.sideCars[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: driver.sideCars[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: driver.sideCars[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: driver.sideCars[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: driver.sideCars[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: driver.sideCars[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: driver.sideCars[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: driver.sideCars[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: driver.sideCars[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: driver.sideCars[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: driver.sideCars[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: driver.sideCars[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: driver.sideCars[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: driver.sideCars[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: driver.sideCars[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: driver.sideCars[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: driver.sideCars[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: driver.sideCars[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: driver.sideCars[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: driver.sideCars[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: driver.sideCars[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: driver.sideCars[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: driver.sideCars[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: driver.sideCars[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: driver.sideCars[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: driver.sideCars[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: driver.sideCars[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: driver.sideCars[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: driver.sideCars[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: driver.sideCars[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: driver.sideCars[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: driver.sideCars[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: driver.sideCars[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: driver.sideCars[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: driver.sideCars[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: driver.sideCars[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: driver.sideCars[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: driver.sideCars[0].veleroNamespace - - description: SnapshotClass is the specification for Snapshot Classes - displayName: Snapshot Classes - path: driver.snapshotClass - - description: Name is the name of the Snapshot Class - displayName: Snapshot Class Name - path: driver.snapshotClass[0].name - - description: - Parameters is a map of driver specific parameters for snapshot - class - displayName: Snapshot Class Parameters - path: driver.snapshotClass[0].parameters - - description: TLSCertSecret is the name of the TLS Cert secret - displayName: TLSCert Secret - path: driver.tlsCertSecret - - description: Components is the specification for CSM components containers - displayName: ContainerStorageModule components specification - path: modules[0].components - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].components[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].components[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].components[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].components[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].components[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].components[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].components[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].components[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].components[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].components[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].components[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].components[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].components[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].components[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].components[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].components[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].components[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].components[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].components[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].components[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].components[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].components[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].components[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].components[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].components[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].components[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].components[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].components[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].components[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].components[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].components[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].components[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].components[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].components[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].components[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].components[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].components[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].components[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].components[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].components[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].components[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].components[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].components[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].components[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].components[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].components[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].components[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].components[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].components[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].components[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].components[0].veleroNamespace - - description: ConfigVersion is the configuration version of the module - displayName: Config Version - path: modules[0].configVersion - - description: Enabled is used to indicate whether or not to deploy a module - displayName: Enabled - path: modules[0].enabled - - description: - ForceRemoveModule is the boolean flag used to remove authorization - proxy server deployment when CR is deleted - displayName: Force Remove Module - path: modules[0].forceRemoveModule - - description: Args is the set of arguments for the container - displayName: Container Arguments - path: modules[0].initContainer[0].args - - description: AuthorizationController is the image tag for the container - displayName: Authorization Controller Container Image - path: modules[0].initContainer[0].authorizationController - - description: - AuthorizationControllerReplicas is the number of replicas for - the authorization controller deployment - displayName: Authorization Controller Replicas - path: modules[0].initContainer[0].authorizationControllerReplicas - - description: - Certificate is a certificate used for a certificate/private-key - pair - displayName: Certificate for certificate/private-key pair - path: modules[0].initContainer[0].certificate - - description: - CertificateAuthority is a certificate authority used to validate - a certificate - displayName: Certificate authority for validating a certificate - path: modules[0].initContainer[0].certificateAuthority - - description: Commander is the image tag for the Container - displayName: Authorization Commander Container Image - path: modules[0].initContainer[0].commander - - description: The interval which the reconcile of each controller is run - displayName: Controller Reconcile Interval - path: modules[0].initContainer[0].controllerReconcileInterval - - description: ComponentCred is to store the velero credential contents - displayName: ComponentCred for velero component - path: modules[0].initContainer[0].credentials - - description: - CreateWithInstall is used to indicate wether or not to create - a secret for objectstore - displayName: CreateWithInstall - path: modules[0].initContainer[0].credentials[0].createWithInstall - - description: - Name is the name of secret which contains credentials to access - objectstore - displayName: Name - path: modules[0].initContainer[0].credentials[0].name - - description: SecretContents contains credentials to access objectstore - displayName: secretContents - path: modules[0].initContainer[0].credentials[0].secretContents - - description: AccessKeyID is a name of key ID to access objectstore - displayName: AccessKeyID - path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id - - description: AccessKey contains the key to access objectstore - displayName: AccessKey - path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key - - description: DeployNodeAgent is to enable/disable node-agent services - displayName: Deploy node-agent for Application Mobility - path: modules[0].initContainer[0].deployNodeAgent - - description: Enabled is used to indicate wether or not to deploy a module - displayName: Enabled - path: modules[0].initContainer[0].enabled - - description: Envs is the set of environment variables for the container - displayName: Container Environment vars - path: modules[0].initContainer[0].envs - - description: Hostname is the authorization proxy server hostname - displayName: Authorization Proxy Server Hostname - path: modules[0].initContainer[0].hostname - - description: Image is the image tag for the Container - displayName: Container Image - path: modules[0].initContainer[0].image - - description: ImagePullPolicy is the image pull policy for the image - displayName: Container Image Pull Policy - path: modules[0].initContainer[0].imagePullPolicy - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy - - description: kvEnginePath is the Authorization vault secret path - displayName: Authorization KV Engine Path - path: modules[0].initContainer[0].kvEnginePath - - description: LeaderElection is boolean flag to enable leader election - displayName: Leader Election - path: modules[0].initContainer[0].leaderElection - - description: LicenseName is the name of the license for app-mobility - displayName: License Name for Application Mobility - path: modules[0].initContainer[0].licenseName - - description: Name is the name of Container - displayName: Container Name - path: modules[0].initContainer[0].name - - description: - NodeSelector is a selector which must be true for the pod to - fit on a node. Selector which must match a node's labels for the pod to - be scheduled on that node. - displayName: NodeSelector - path: modules[0].initContainer[0].nodeSelector - - description: - ObjectStoreSecretName is the name of the secret for the object - store for app-mobility - displayName: Application Mobility Object Store Secret - path: modules[0].initContainer[0].objectStoreSecretName - - description: Opa is the image tag for the Container - displayName: Authorization Opa Container Image - path: modules[0].initContainer[0].opa - - description: OpaKubeMgmt is the image tag for the Container - displayName: Authorization Opa Kube Management Container Image - path: modules[0].initContainer[0].opaKubeMgmt - - description: - PrivateKey is a private key used for a certificate/private-key - pair - displayName: Private key for certificate/private-key pair - path: modules[0].initContainer[0].privateKey - - description: - ProxyServerIngress is the authorization proxy server ingress - configuration - displayName: Authorization Proxy Server ingress configuration - path: modules[0].initContainer[0].proxyServerIngress - - description: - Annotations is an unstructured key value map that stores additional - annotations for the ingress - displayName: Authorization Proxy Server Annotations - path: modules[0].initContainer[0].proxyServerIngress[0].annotations - - description: Hosts is the hosts rules for the ingress - displayName: Authorization Proxy Server Hosts - path: modules[0].initContainer[0].proxyServerIngress[0].hosts - - description: IngressClassName is the ingressClassName - displayName: Authorization Proxy Server Ingress Class Name - path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName - - description: ProxyService is the image tag for the Container - displayName: Authorization Proxy Service Container Image - path: modules[0].initContainer[0].proxyService - - description: - ProxyServiceReplicas is the number of replicas for the proxy - service deployment - displayName: Proxy Service Replicas - path: modules[0].initContainer[0].proxyServiceReplicas - - description: Redis is the image tag for the Container - displayName: Authorization Redis Container Image - path: modules[0].initContainer[0].redis - - description: RedisCommander is the name of the redis deployment - displayName: Redis Deployment Name - path: modules[0].initContainer[0].redisCommander - - description: RedisName is the name of the redis statefulset - displayName: Redis StatefulSet Name - path: modules[0].initContainer[0].redisName - - description: RedisReplicas is the number of replicas for the redis deployment - displayName: Redis Deployment Replicas - path: modules[0].initContainer[0].redisReplicas - - description: ReplicaCount is the replica count for app mobility - displayName: Application Mobility Replica Count - path: modules[0].initContainer[0].replicaCount - - description: RoleService is the image tag for the Container - displayName: Authorization Role Service Container Image - path: modules[0].initContainer[0].roleService - - description: - RoleServiceReplicas is the number of replicas for the role service - deployment - displayName: Role Service Replicas - path: modules[0].initContainer[0].roleServiceReplicas - - description: Sentinel is the name of the sentinel statefulSet - displayName: Sentinel StatefulSet Name - path: modules[0].initContainer[0].sentinel - - description: skipCertificateValidation is the flag to skip certificate validation - displayName: Authorization Skip Certificate Validation - path: modules[0].initContainer[0].skipCertificateValidation - - description: StorageService is the image tag for the Container - displayName: Authorization Storage Service Container Image - path: modules[0].initContainer[0].storageService - - description: - StorageServiceReplicas is the number of replicas for storage - service deployment - displayName: Storage Service Replicas - path: modules[0].initContainer[0].storageServiceReplicas - - description: - RedisStorageClass is the authorization proxy server redis storage - class for persistence - displayName: Authorization Proxy Server Redis storage class - path: modules[0].initContainer[0].storageclass - - description: TenantService is the image tag for the Container - displayName: Authorization Tenant Service Container Image - path: modules[0].initContainer[0].tenantService - - description: - TenantServiceReplicas is the number of replicas for the tenant - service deployment - displayName: Tenant Service Replicas - path: modules[0].initContainer[0].tenantServiceReplicas - - description: Tolerations is the list of tolerations for the driver pods - displayName: Tolerations - path: modules[0].initContainer[0].tolerations - - description: - UseSnapshot is to check whether volume snapshot is enabled under - velero component - displayName: use-volume-snapshots for Application Mobilit- Velero - path: modules[0].initContainer[0].useVolumeSnapshot - - description: VaultAddress is the address of the vault - displayName: Authorization Vault Address - path: modules[0].initContainer[0].vaultAddress - - description: VaultRole is the role for the vault - displayName: Authorization Vault Role - path: modules[0].initContainer[0].vaultRole - - description: VeleroNamespace is the namespace that Velero is installed in - displayName: Velero namespace - path: modules[0].initContainer[0].veleroNamespace - - description: Name is name of ContainerStorageModule modules - displayName: Name - path: modules[0].name - statusDescriptors: - - description: Number of Available Controller pods - displayName: Available - path: controllerStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Controller pods - displayName: Desired - path: controllerStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Controller pods - displayName: Failed - path: controllerStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Available Node pods - displayName: Available - path: nodeStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Node pods - displayName: Desired - path: nodeStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Node pods - displayName: Failed - path: nodeStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: State is the state of the driver installation - displayName: State - path: state - x-descriptors: - - urn:alm:descriptor:text - version: v1 - description: - "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator + - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient + API + displayName: Apex Connectivity Client + kind: ApexConnectivityClient + name: apexconnectivityclients.storage.dell.com + specDescriptors: + - description: Common is the common specification for both controller and node + plugins + displayName: Common specification + path: client.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.common.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.common.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.common.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.common.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.common.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.common.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.common.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.common.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.common.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.common.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.common.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.common.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.common.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.common.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.common.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.common.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.common.veleroNamespace + - description: ConfigVersion is the configuration version of the client + displayName: Config Version + path: client.configVersion + - description: ConnectionTarget is the target that the client connects to in + the Dell datacenter + displayName: Connection Target + path: client.connectionTarget + - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient + displayName: Client Type + path: client.csmClientType + - description: ForceRemoveClient is the boolean flag used to remove client deployment + when CR is deleted + displayName: Force Remove Client + path: client.forceRemoveClient + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.initContainers[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.initContainers[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.initContainers[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.initContainers[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.initContainers[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.initContainers[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.initContainers[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.initContainers[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.initContainers[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.initContainers[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.initContainers[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.initContainers[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.initContainers[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.initContainers[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.initContainers[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.initContainers[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.initContainers[0].veleroNamespace + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: client.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: client.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: client.sideCars[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: client.sideCars[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: client.sideCars[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: client.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: client.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: client.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: client.sideCars[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: client.sideCars[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: client.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: client.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: client.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: client.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: client.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: client.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: client.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: client.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: client.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: client.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: client.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: client.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: client.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: client.sideCars[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: client.sideCars[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: client.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: client.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: client.sideCars[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: client.sideCars[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: client.sideCars[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: client.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: client.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: client.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: client.sideCars[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: client.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: client.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: client.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: client.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: client.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: client.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: client.sideCars[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: client.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: client.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: client.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: client.sideCars[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: client.sideCars[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: client.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: client.sideCars[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: client.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: client.sideCars[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: client.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: client.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: client.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: client.sideCars[0].veleroNamespace + - description: UsePrivateCaCerts is used to specify private CA signed certs + displayName: Use Private CA Certs + path: client.usePrivateCaCerts + - description: State is the state of the client installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + - description: ContainerStorageModule is the Schema for the containerstoragemodules + API + displayName: Container Storage Module + kind: ContainerStorageModule + name: containerstoragemodules.storage.dell.com + specDescriptors: + - description: AuthSecret is the name of the credentials secret for the driver + displayName: Auth Secret + path: driver.authSecret + - description: Common is the common specification for both controller and node + plugins + displayName: Common specification + path: driver.common + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.common.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.common.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.common.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.common.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.common.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.common.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.common.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.common.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.common.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.common.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.common.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.common.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.common.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.common.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.common.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.common.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.common.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.common.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.common.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.common.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.common.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.common.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.common.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.common.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.common.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.common.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.common.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.common.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.common.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.common.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.common.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.common.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.common.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.common.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.common.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.common.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.common.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.common.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.common.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.common.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.common.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.common.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.common.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.common.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.common.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.common.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.common.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.common.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.common.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.common.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.common.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.common.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.common.veleroNamespace + - description: ConfigVersion is the configuration version of the driver + displayName: Config Version + path: driver.configVersion + - description: Controller is the specification for Controller plugin only + displayName: Controller Specification + path: driver.controller + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.controller.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.controller.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.controller.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.controller.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.controller.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.controller.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.controller.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.controller.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.controller.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.controller.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.controller.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.controller.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.controller.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.controller.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.controller.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.controller.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.controller.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.controller.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.controller.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.controller.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.controller.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.controller.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.controller.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.controller.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.controller.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.controller.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.controller.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.controller.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.controller.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.controller.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.controller.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.controller.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.controller.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.controller.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.controller.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.controller.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.controller.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.controller.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.controller.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.controller.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.controller.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.controller.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.controller.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.controller.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.controller.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.controller.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.controller.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.controller.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.controller.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.controller.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.controller.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.controller.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.controller.veleroNamespace + - description: CSIDriverSpec is the specification for CSIDriver + displayName: CSI Driver Spec + path: driver.csiDriverSpec + - description: CSIDriverType is the CSI Driver type for Dell Technologies - + e.g, powermax, powerflex,... + displayName: CSI Driver Type + path: driver.csiDriverType + - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin + displayName: DNSPolicy + path: driver.dnsPolicy + - description: ForceRemoveDriver is the boolean flag used to remove driver deployment + when CR is deleted + displayName: Force Remove Driver + path: driver.forceRemoveDriver + - description: ForceUpdate is the boolean flag used to force an update of the + driver instance + displayName: Force update + path: driver.forceUpdate + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.initContainers[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.initContainers[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.initContainers[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.initContainers[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.initContainers[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.initContainers[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.initContainers[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.initContainers[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.initContainers[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.initContainers[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.initContainers[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.initContainers[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.initContainers[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.initContainers[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.initContainers[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.initContainers[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.initContainers[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.initContainers[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.initContainers[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.initContainers[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.initContainers[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.initContainers[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.initContainers[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.initContainers[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.initContainers[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.initContainers[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.initContainers[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.initContainers[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.initContainers[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.initContainers[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.initContainers[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.initContainers[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.initContainers[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.initContainers[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.initContainers[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.initContainers[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.initContainers[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.initContainers[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.initContainers[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.initContainers[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.initContainers[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.initContainers[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.initContainers[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.initContainers[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.initContainers[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.initContainers[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.initContainers[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.initContainers[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.initContainers[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.initContainers[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.initContainers[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.initContainers[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.initContainers[0].veleroNamespace + - description: Node is the specification for Node plugin only + displayName: Node specification + path: driver.node + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.node.args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.node.authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.node.authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.node.certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.node.certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.node.commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.node.controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.node.credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.node.credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.node.credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.node.credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.node.credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.node.credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.node.deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.node.enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.node.envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.node.hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.node.image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.node.imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.node.kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.node.leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.node.licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.node.name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.node.nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.node.objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.node.opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.node.opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.node.privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.node.proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.node.proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.node.proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.node.proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.node.proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.node.proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.node.redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.node.redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.node.redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.node.redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.node.replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.node.roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.node.roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.node.sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.node.skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.node.storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.node.storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.node.storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.node.tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.node.tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.node.tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.node.useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.node.vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.node.vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.node.veleroNamespace + - description: Replicas is the count of controllers for Controller plugin + displayName: Controller count + path: driver.replicas + - description: SideCars is the specification for CSI sidecar containers + displayName: CSI SideCars specification + path: driver.sideCars + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: driver.sideCars[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: driver.sideCars[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: driver.sideCars[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: driver.sideCars[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: driver.sideCars[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: driver.sideCars[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: driver.sideCars[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: driver.sideCars[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: driver.sideCars[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: driver.sideCars[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: driver.sideCars[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: driver.sideCars[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: driver.sideCars[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: driver.sideCars[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: driver.sideCars[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: driver.sideCars[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: driver.sideCars[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: driver.sideCars[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: driver.sideCars[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: driver.sideCars[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: driver.sideCars[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: driver.sideCars[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: driver.sideCars[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: driver.sideCars[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: driver.sideCars[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: driver.sideCars[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: driver.sideCars[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: driver.sideCars[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: driver.sideCars[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: driver.sideCars[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: driver.sideCars[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: driver.sideCars[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: driver.sideCars[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: driver.sideCars[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: driver.sideCars[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: driver.sideCars[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: driver.sideCars[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: driver.sideCars[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: driver.sideCars[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: driver.sideCars[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: driver.sideCars[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: driver.sideCars[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: driver.sideCars[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: driver.sideCars[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: driver.sideCars[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: driver.sideCars[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: driver.sideCars[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: driver.sideCars[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: driver.sideCars[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: driver.sideCars[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: driver.sideCars[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: driver.sideCars[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: driver.sideCars[0].veleroNamespace + - description: SnapshotClass is the specification for Snapshot Classes + displayName: Snapshot Classes + path: driver.snapshotClass + - description: Name is the name of the Snapshot Class + displayName: Snapshot Class Name + path: driver.snapshotClass[0].name + - description: Parameters is a map of driver specific parameters for snapshot + class + displayName: Snapshot Class Parameters + path: driver.snapshotClass[0].parameters + - description: TLSCertSecret is the name of the TLS Cert secret + displayName: TLSCert Secret + path: driver.tlsCertSecret + - description: Components is the specification for CSM components containers + displayName: ContainerStorageModule components specification + path: modules[0].components + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].components[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].components[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].components[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].components[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].components[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].components[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].components[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].components[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].components[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].components[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].components[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].components[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].components[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].components[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].components[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].components[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].components[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].components[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].components[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].components[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].components[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].components[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].components[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].components[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].components[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].components[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].components[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].components[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].components[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].components[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].components[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].components[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].components[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].components[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].components[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].components[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].components[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].components[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].components[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].components[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].components[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].components[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].components[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].components[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].components[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].components[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].components[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].components[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].components[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].components[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].components[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].components[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].components[0].veleroNamespace + - description: ConfigVersion is the configuration version of the module + displayName: Config Version + path: modules[0].configVersion + - description: Enabled is used to indicate whether or not to deploy a module + displayName: Enabled + path: modules[0].enabled + - description: ForceRemoveModule is the boolean flag used to remove authorization + proxy server deployment when CR is deleted + displayName: Force Remove Module + path: modules[0].forceRemoveModule + - description: Args is the set of arguments for the container + displayName: Container Arguments + path: modules[0].initContainer[0].args + - description: AuthorizationController is the image tag for the container + displayName: Authorization Controller Container Image + path: modules[0].initContainer[0].authorizationController + - description: AuthorizationControllerReplicas is the number of replicas for + the authorization controller deployment + displayName: Authorization Controller Replicas + path: modules[0].initContainer[0].authorizationControllerReplicas + - description: Certificate is a certificate used for a certificate/private-key + pair + displayName: Certificate for certificate/private-key pair + path: modules[0].initContainer[0].certificate + - description: CertificateAuthority is a certificate authority used to validate + a certificate + displayName: Certificate authority for validating a certificate + path: modules[0].initContainer[0].certificateAuthority + - description: Commander is the image tag for the Container + displayName: Authorization Commander Container Image + path: modules[0].initContainer[0].commander + - description: The interval which the reconcile of each controller is run + displayName: Controller Reconcile Interval + path: modules[0].initContainer[0].controllerReconcileInterval + - description: ComponentCred is to store the velero credential contents + displayName: ComponentCred for velero component + path: modules[0].initContainer[0].credentials + - description: CreateWithInstall is used to indicate wether or not to create + a secret for objectstore + displayName: CreateWithInstall + path: modules[0].initContainer[0].credentials[0].createWithInstall + - description: Name is the name of secret which contains credentials to access + objectstore + displayName: Name + path: modules[0].initContainer[0].credentials[0].name + - description: SecretContents contains credentials to access objectstore + displayName: secretContents + path: modules[0].initContainer[0].credentials[0].secretContents + - description: AccessKeyID is a name of key ID to access objectstore + displayName: AccessKeyID + path: modules[0].initContainer[0].credentials[0].secretContents.aws_access_key_id + - description: AccessKey contains the key to access objectstore + displayName: AccessKey + path: modules[0].initContainer[0].credentials[0].secretContents.aws_secret_access_key + - description: DeployNodeAgent is to enable/disable node-agent services + displayName: Deploy node-agent for Application Mobility + path: modules[0].initContainer[0].deployNodeAgent + - description: Enabled is used to indicate wether or not to deploy a module + displayName: Enabled + path: modules[0].initContainer[0].enabled + - description: Envs is the set of environment variables for the container + displayName: Container Environment vars + path: modules[0].initContainer[0].envs + - description: Hostname is the authorization proxy server hostname + displayName: Authorization Proxy Server Hostname + path: modules[0].initContainer[0].hostname + - description: Image is the image tag for the Container + displayName: Container Image + path: modules[0].initContainer[0].image + - description: ImagePullPolicy is the image pull policy for the image + displayName: Container Image Pull Policy + path: modules[0].initContainer[0].imagePullPolicy + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:imagePullPolicy + - description: kvEnginePath is the Authorization vault secret path + displayName: Authorization KV Engine Path + path: modules[0].initContainer[0].kvEnginePath + - description: LeaderElection is boolean flag to enable leader election + displayName: Leader Election + path: modules[0].initContainer[0].leaderElection + - description: LicenseName is the name of the license for app-mobility + displayName: License Name for Application Mobility + path: modules[0].initContainer[0].licenseName + - description: Name is the name of Container + displayName: Container Name + path: modules[0].initContainer[0].name + - description: NodeSelector is a selector which must be true for the pod to + fit on a node. Selector which must match a node's labels for the pod to + be scheduled on that node. + displayName: NodeSelector + path: modules[0].initContainer[0].nodeSelector + - description: ObjectStoreSecretName is the name of the secret for the object + store for app-mobility + displayName: Application Mobility Object Store Secret + path: modules[0].initContainer[0].objectStoreSecretName + - description: Opa is the image tag for the Container + displayName: Authorization Opa Container Image + path: modules[0].initContainer[0].opa + - description: OpaKubeMgmt is the image tag for the Container + displayName: Authorization Opa Kube Management Container Image + path: modules[0].initContainer[0].opaKubeMgmt + - description: PrivateKey is a private key used for a certificate/private-key + pair + displayName: Private key for certificate/private-key pair + path: modules[0].initContainer[0].privateKey + - description: ProxyServerIngress is the authorization proxy server ingress + configuration + displayName: Authorization Proxy Server ingress configuration + path: modules[0].initContainer[0].proxyServerIngress + - description: Annotations is an unstructured key value map that stores additional + annotations for the ingress + displayName: Authorization Proxy Server Annotations + path: modules[0].initContainer[0].proxyServerIngress[0].annotations + - description: Hosts is the hosts rules for the ingress + displayName: Authorization Proxy Server Hosts + path: modules[0].initContainer[0].proxyServerIngress[0].hosts + - description: IngressClassName is the ingressClassName + displayName: Authorization Proxy Server Ingress Class Name + path: modules[0].initContainer[0].proxyServerIngress[0].ingressClassName + - description: ProxyService is the image tag for the Container + displayName: Authorization Proxy Service Container Image + path: modules[0].initContainer[0].proxyService + - description: ProxyServiceReplicas is the number of replicas for the proxy + service deployment + displayName: Proxy Service Replicas + path: modules[0].initContainer[0].proxyServiceReplicas + - description: Redis is the image tag for the Container + displayName: Authorization Redis Container Image + path: modules[0].initContainer[0].redis + - description: RedisCommander is the name of the redis deployment + displayName: Redis Deployment Name + path: modules[0].initContainer[0].redisCommander + - description: RedisName is the name of the redis statefulset + displayName: Redis StatefulSet Name + path: modules[0].initContainer[0].redisName + - description: RedisReplicas is the number of replicas for the redis deployment + displayName: Redis Deployment Replicas + path: modules[0].initContainer[0].redisReplicas + - description: ReplicaCount is the replica count for app mobility + displayName: Application Mobility Replica Count + path: modules[0].initContainer[0].replicaCount + - description: RoleService is the image tag for the Container + displayName: Authorization Role Service Container Image + path: modules[0].initContainer[0].roleService + - description: RoleServiceReplicas is the number of replicas for the role service + deployment + displayName: Role Service Replicas + path: modules[0].initContainer[0].roleServiceReplicas + - description: Sentinel is the name of the sentinel statefulSet + displayName: Sentinel StatefulSet Name + path: modules[0].initContainer[0].sentinel + - description: skipCertificateValidation is the flag to skip certificate validation + displayName: Authorization Skip Certificate Validation + path: modules[0].initContainer[0].skipCertificateValidation + - description: StorageService is the image tag for the Container + displayName: Authorization Storage Service Container Image + path: modules[0].initContainer[0].storageService + - description: StorageServiceReplicas is the number of replicas for storage + service deployment + displayName: Storage Service Replicas + path: modules[0].initContainer[0].storageServiceReplicas + - description: RedisStorageClass is the authorization proxy server redis storage + class for persistence + displayName: Authorization Proxy Server Redis storage class + path: modules[0].initContainer[0].storageclass + - description: TenantService is the image tag for the Container + displayName: Authorization Tenant Service Container Image + path: modules[0].initContainer[0].tenantService + - description: TenantServiceReplicas is the number of replicas for the tenant + service deployment + displayName: Tenant Service Replicas + path: modules[0].initContainer[0].tenantServiceReplicas + - description: Tolerations is the list of tolerations for the driver pods + displayName: Tolerations + path: modules[0].initContainer[0].tolerations + - description: UseSnapshot is to check whether volume snapshot is enabled under + velero component + displayName: use-volume-snapshots for Application Mobilit- Velero + path: modules[0].initContainer[0].useVolumeSnapshot + - description: VaultAddress is the address of the vault + displayName: Authorization Vault Address + path: modules[0].initContainer[0].vaultAddress + - description: VaultRole is the role for the vault + displayName: Authorization Vault Role + path: modules[0].initContainer[0].vaultRole + - description: VeleroNamespace is the namespace that Velero is installed in + displayName: Velero namespace + path: modules[0].initContainer[0].veleroNamespace + - description: Name is name of ContainerStorageModule modules + displayName: Name + path: modules[0].name + statusDescriptors: + - description: Number of Available Controller pods + displayName: Available + path: controllerStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Controller pods + displayName: Desired + path: controllerStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Controller pods + displayName: Failed + path: controllerStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Available Node pods + displayName: Available + path: nodeStatus.available + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Desired Node pods + displayName: Desired + path: nodeStatus.desired + x-descriptors: + - urn:alm:descriptor:text + - description: Number of Failed Node pods + displayName: Failed + path: nodeStatus.failed + x-descriptors: + - urn:alm:descriptor:text + - description: State is the state of the driver installation + displayName: State + path: state + x-descriptors: + - urn:alm:descriptor:text + version: v1 + description: "Dell Container Storage Modules (CSM) Operator is a Kubernetes Operator which can be \nused to install and manage Dell’s CSI drivers and CSM modules. \nBy using Dell CSM Operator, enterprises can quickly and easily deploy the \nCSM modules for CSI drivers making it easy for DevOps \nteams to build and optimize @@ -2152,98 +1980,98 @@ spec: Solution Brief](https://www.delltechnologies.com/asset/en-us/products/storage/briefs-summaries/h17893-dellemc-storage-for-containers-kubernetes-csi-so.pdf)\n" displayName: Dell Container Storage Modules icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC - mediatype: image/png + - base64data: iVBORw0KGgoAAAANSUhEUgAAAFAAAAAoCAYAAABpYH0BAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAALiMAAC4jAXilP3YAAAtlSURBVGhD7ZoNcFXFFcfPfS8JSdBQG5GK38PUDwhFkgAiLQ5+UloGq5OoRcap1lSxKiMhAYOEoIGQhGqNoIJUseo4oGMFpVpHbasiFEIQAWurUrWAGQoin/m829+5d1/ee0leQhJtUof/zL7dc87uubvnnj37cZ8jPQG5lWMl4EyQ+poCuf/CvZb7fwFHcjfeasttI2BqxHV3iLibpXzEF5bbNdy+NkUSE8rpxS+h9GXuJMuR0qEve/L2MHVTmjjujyzlIyB1Upq+1FLtI69qkLhmtKV8OFIvZemPWapNOJK30dhyB2C2kJ6RQONiKRmxxzI7hmmVl4jj6EDP8BmRcBfL/IxbkLfdt7zKXzOECkv5MPIVg/+OpdrHtEp9zsOWsjCHpDTjOEu0iYDNOwgnjaZzxY3bLnkbciVredAK2sfUTb0Z+EJe3WtQrRhPNosT90i7xush6KQBQ3COR0WZnDXgFbmzqv23nl85WoLue7SbTIqOv0YamEpzJSlhmMw/v8pyRWZs7ifT3uY5PROtG9CYNfw+FU7maQa8mvJ/SK3AuVQSzKued7WGnA3JTJX7xXXehBrgMyNg5AMJyoVSnlEgRWl1lsv02nidNDRsFUnaLNOqxlhuj0IsD3yEQDwpnDKuJ7D/RJK+OlmMk438U79aBBwZLsGGZrEE5FaOlD5OFQ43hTrNn9dIKpPkr9KlJH29zwJT3zkJ4z1H/WdIqbQ9k7j4OryKmC+pm9CxKVw0pkHKhq6Q+oR03CY84CYEJjHIi7xi4ZuJlOezPXkLA5zt8aLxD9JoXlAeemt8FsitvFoCiVsw3NWW48PxpvyN7AbG+Yyegc7FwPvT9kqcO4Gp/qXlhOGYPJn6t2FyOKUSI+TBiV5gjHH5+a0kuUMxnoYKH9PXpbK4sLI7eJ7T13IjYN7h53zvBfYgdM6AirnDdmGtBywViSskELcGIwy0dBhGPqHNxYSEKVKUedhyWVw2jWdFZ2vkXGc5YRj2n0ZyJSl9NNuTf1ounrp+AOFkoqW6DZ03oMIJvmBLEXCCeF6cJXwYY0gPy6GEIRjhL5bLNGflnlb1hBh3Je2+Z7mRWIeudNoskCIHzwXGOISGyRIIbkJ2gcfrRnTNgObAv2ypbTjOi5K8/w5ZlHbQcvzj22GXWGdusJxI1JLulsyho/DWD3wWmFp5huRXvYbhFkId1Ub3m0bXDBiXkmxL7eFKYuJa79ikx7e8yiXEutUY9hQrj4DZyOI8jPg4T7IdXaWVRzTdcLMEnc0Ql/i8noGuGdBtOPop5DgZNKiUpPhtEKGzbyTqkc+WfeYCKR32vuVxXFt7KoZnDxpYDJXiM3sOumhA5zZbCsOYHfwS01qD04vUitfp8a1hhJRmFsniTAxpkbeR6R2vxhzrMyKgZ16RP/lE96HzBpxWmUP8usxSYTjOEqbfBHHlBgbZcpvTHMaZ5x/fhoePb1PWn8xCoS/hCRS2PCIa85okxA+msMpyug0dN2ChCRDD7sJQiywnAuYLcVx/a1Oe/qTEO4MZ7B89OhYc80OprT3dUv7xLT74PhN8vOVE4gD6bmVVvkKKB39ued2KGNdZZqo01oe3KPEBR+rjUtkSj4S6ifQDjx8JYxrFBMZJ+dDm04ptx/qb2N0soBwjhplD/Myi6oXk0SeQEIz5s7j1N8qCC7ZbTuvXWWrkxrohthwbgfhaKcvY2ep1lpHD4talWSo20NHJ+8Bm0JsUg2HV62Ihf8vpYmqXMuBLLecogXFdmSG9Vy6UoiJ/LxhC6wY8SnAULc0Y3vp94FHCmKquLSI+dqJpbJvGU8xP+4zYeDmlydQP7wfbBMe3AMe38oyKFsbrIeiCAc0+3sA8Yt5ApsLrltkOHIMRH5ZAI1PMhE8kLXEEj/aPbyUZH1lej4QaUO/42k9GPiN/l/xR8ixJMqdguLtlfqZuJzqGkuGfSNLKi9E1hRQ+E/tYJ0E3+vgWE84Rflrvb3vJ3wZhgYDeBLVep73kyL7u/yp317qzJRj3OJ1ho22KJDOjNHwCOYajg35Tya8601LHcAzHcAz/KzhFRUXPGmPiLd0CyJZSR7/IdQiFhYVscmUtbTf4nK8P6Nbdw2PovtHndB4zZszol5CQ8CW6wl8DO4DAli1bJg4cODBbE8bSLUpiiNY0e/bsts+yMeA4zgiyU33qa0cA/T+z5S4hMTGxIhAIsAPoHKK2MbyFMRhxCkabYFkeysrKeh88eLDPoEGDqrOzs1tsMYqLi/sil3nz5u22LEHH79H1PDr/gMecCMul3Oofh/CCvikpKQ3kLW5vaKs3zynbtm2rXrFihfdseHEYcDfPOEFphfLITiLt4znN95ZSUlLS58iRI0nIqiFjHl/Vu+Pj4/vV19cfou5+y/YQekZycvKB/Pz8A8pr04AYRhU94glF9A9FA5G/Sr25ykDhVWR5DMa7dkf2fbK5yFerASl/BO888n3U0S9t36Vz1xYUFFQjXwb9V/iXua6rch18Hyvffe+9957W2Ni4iPZqtC+QDyZfzTPn0jYI7RnQDuo+aL2I2Er908hrmJa3qh7k/ZE9Dk+NqmPQ7dJyUhbtx5Gep80C+ryGurfAv576qkdfjl5+TEb2CbIc+JPg6/2k9vW42traidEff5oB4z1Fowdp7N27kWvseYaH3oDbb2LgxSgcBe15FnL1tA3kOhg16CiycXSgQWnq3YnOORR/hawX+dVbt24dH+FZuXV1dWSFd2C8ldQp0JehsuXLlwfxwmfRoZe4oZeqoaKALJU2F1H2PIs6E3mOGmkMvCfQsxg9z6mMeuq9+u+vBKW1H4wjHv7l8LOgL6a9Fw/vueeekcFg8HlkGcjKkPVDj/cNmzqFTP+rYp6Fp0+fnkp29o4dO17JycmJ17Rr1y79xqtX69k89FoULkFh07SkrEeca0mhgPwkPM94Coz+Bm2arpro1LKQ8RTofBPeEHKNSYdp27R4aeigbRHFqIUD3i/i4uJm0a5pWjK4p+GfzMAzIc9Dj2c8hfZHPduSkdA1YCljNKHxVldX6wKoYzkXmZ7dZ82cOXMIehN4RhFpSUwD9urV63gapfbv3//ZyERHb4NfRdIpudOvHQYd1JVXDalofuvi0r7pQzsDiZKj0yUFMXQ/8hYXpjU1NZ/Tvp8lPUD3ZVAt/q8IX+sOotgUl0NAv8bBKFD3eNLtzceL6N+kOrxfF601vCyd4i9ixJd47jkxp/DevXt3paam7tuzZ8/PKyoq9DOjBxqeiFufwOCvgTzX54bBW9E48ZYlOwX0f4z+FheaBO80vPNjS4awnT6dw0v7u6W96U5oOIfBvo2e+cjj1POsWF/UAIxgKR/wVO9b1HvI5/hgGo/o3bv3bnYkP0b2EixN6ijj0fFATA+0RnsaI/5G3Vl5dCSRRsvo1Eg6t4zyJHVplSnmzJkzlGw2qUt/0501a9YH6N7Oy8hnYN5IdaXHeHqrXa50BMqo+5CuskpkZWWp8YopvsHgP6b9auQzoJv04IFTtBwJxrOEerczBl30PDDecbzMR3EinTkLWZTOsiKFxtCGKAPSQd1GNL1JOnI3HdiOK+uq+iIsDeyrsP6TdO5zOnIlD57Jg15Cvor2efB00dhPvQ+pH5rKHujEQfjv2fKH1I36dythQ7cN+u1XPeIaUh/0vor+lSwKumrfh2792KTXXO9qPeTKX8L0Xq59ZKv1Crr1E0GOyvfv368hpw86Xkf+AnoehK2LUGirs41+fMl4tuszcY5iO56X0XMdvJ+yjTtAnsUO4QHtC7JV0FeRWn6V/LaBAWeSor7hQN9F8rZiXUV0IPgWAo8dxcyoYCrejHd9ircN01DQ0NBwBdO5y1/2vvUGVOBt55Pp9kr3qXqz/jsMq6trFyHyX+sbEAjrhciCAAAAAElFTkSuQmCC + mediatype: image/png install: spec: deployments: null strategy: "" installModes: - - supported: true - type: OwnNamespace - - supported: true - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces keywords: - - Dell Container Storage Modules - - Dell CSI Driver - - Dell CSM Modules - - Powerflex - - Powerscale - - Powerstore - - Unity - - Authorization - - Observability - - Replication + - Dell Container Storage Modules + - Dell CSI Driver + - Dell CSM Modules + - Powerflex + - Powerscale + - Powerstore + - Unity + - Authorization + - Observability + - Replication links: - - name: Documentation - url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ + - name: Documentation + url: https://dell.github.io/csm-docs/docs/deployment/csmoperator/ maintainers: - - email: container.storage.modules@dell.com - name: Dell Container Storage Modules + - email: container.storage.modules@dell.com + name: Dell Container Storage Modules maturity: stable minKubeVersion: 1.28.0 provider: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: docker.io/dellemc/dell-csm-operator:v1.6.1 - name: dell-csm-operator - - image: docker.io/dellemc/csi-isilon:v2.11.0 - name: csi-isilon - - image: docker.io/dellemc/csi-powermax:v2.11.0 - name: csi-powermax - - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.11.1 - name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.11.1 - name: csi-unity - - image: docker.io/dellemc/csi-vxflexos:v2.11.0 - name: csi-vxflexos - - image: docker.io/dellemc/sdc:4.5.2.1 - name: sdc - - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - name: karavi-authorization-proxy - - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 - name: dell-csi-replicator - - image: docker.io/dellemc/dell-replication-controller:v1.9.0 - name: dell-replication-controller-manager - - image: docker.io/dellemc/csm-topology:v1.9.0 - name: topology - - image: docker.io/otel/opentelemetry-collector:0.42.0 - name: otel-collector - - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - name: metrics-powerscale - - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - name: metrics-powermax - - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - name: metrics-powerflex - - image: docker.io/dellemc/podmon:v1.10.0 - name: podmon-node - - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - name: attacher - - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - name: provisioner - - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - name: snapshotter - - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - name: registrar - - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - name: resizer - - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - name: externalhealthmonitorcontroller - - image: dellemc/csi-metadata-retriever:v1.8.0 - name: metadataretriever - - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - name: dell-connectivity-client - - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - name: cert-persister + - image: docker.io/dellemc/dell-csm-operator:v1.6.1 + name: dell-csm-operator + - image: docker.io/dellemc/csi-isilon:v2.11.0 + name: csi-isilon + - image: docker.io/dellemc/csi-powermax:v2.11.0 + name: csi-powermax + - image: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + name: csipowermax-reverseproxy + - image: docker.io/dellemc/csi-powerstore:v2.11.1 + name: csi-powerstore + - image: docker.io/dellemc/csi-unity:v2.11.1 + name: csi-unity + - image: docker.io/dellemc/csi-vxflexos:v2.11.0 + name: csi-vxflexos + - image: docker.io/dellemc/sdc:4.5.2.1 + name: sdc + - image: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + name: karavi-authorization-proxy + - image: docker.io/dellemc/dell-csi-replicator:v1.9.0 + name: dell-csi-replicator + - image: docker.io/dellemc/dell-replication-controller:v1.9.0 + name: dell-replication-controller-manager + - image: docker.io/dellemc/csm-topology:v1.9.0 + name: topology + - image: docker.io/otel/opentelemetry-collector:0.42.0 + name: otel-collector + - image: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + name: metrics-powerscale + - image: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + name: metrics-powermax + - image: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + name: metrics-powerflex + - image: docker.io/dellemc/podmon:v1.10.0 + name: podmon-node + - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + - image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + name: attacher + - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + name: provisioner + - image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + name: snapshotter + - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + name: registrar + - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + name: resizer + - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + name: externalhealthmonitorcontroller + - image: dellemc/csi-metadata-retriever:v1.8.0 + name: metadataretriever + - image: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + name: dell-connectivity-client + - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + name: cert-persister skips: - - dell-csm-operator.v1.5.1 + - dell-csm-operator.v1.5.1 version: 1.6.1 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index 54dbdceba..ad5795edc 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -1,10 +1,11 @@ # These resources constitute the fully configured set of manifests # used to generate the 'manifests/' directory in a bundle. resources: - - bases/dell-csm-operator.clusterserviceversion.yaml - - ../default - - ../samples - - ../scorecard +- bases/dell-csm-operator.clusterserviceversion.yaml +- ../default +- ../samples +- ../scorecard + # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. # These patches remove the unnecessary "cert" volume and its manager container volumeMount. diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index d556b996a..ed137168a 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,2 @@ resources: - - monitor.yaml +- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 6812d4d5e..d19136ae7 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,3 +1,4 @@ + # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/config/rbac/application_mobility_clusterrole.yaml b/config/rbac/application_mobility_clusterrole.yaml index e66c1ee02..346ae33d8 100644 --- a/config/rbac/application_mobility_clusterrole.yaml +++ b/config/rbac/application_mobility_clusterrole.yaml @@ -3,9 +3,9 @@ kind: ClusterRole metadata: name: application-mobility-velero-server rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' \ No newline at end of file diff --git a/config/rbac/application_mobility_role_binding.yaml b/config/rbac/application_mobility_role_binding.yaml index 3f7c3b5c1..1b44c677f 100644 --- a/config/rbac/application_mobility_role_binding.yaml +++ b/config/rbac/application_mobility_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: application-mobility-velero-server subjects: - - kind: ServiceAccount - name: dell-csm-operator-manager-service-account - namespace: dell-csm-operator +- kind: ServiceAccount + name: dell-csm-operator-manager-service-account + namespace: dell-csm-operator \ No newline at end of file diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml index 07f438293..51a75db47 100644 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -3,7 +3,7 @@ kind: ClusterRole metadata: name: metrics-reader rules: - - nonResourceURLs: - - "/metrics" - verbs: - - get +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml index 2e55d6aea..80e1857c5 100644 --- a/config/rbac/auth_proxy_role.yaml +++ b/config/rbac/auth_proxy_role.yaml @@ -3,15 +3,15 @@ kind: ClusterRole metadata: name: proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml index 076aa4d4d..48ed1e4b8 100644 --- a/config/rbac/auth_proxy_role_binding.yaml +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: proxy-role subjects: - - kind: ServiceAccount - name: default - namespace: system +- kind: ServiceAccount + name: default + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml index 7fa7a0104..71f179727 100644 --- a/config/rbac/auth_proxy_service.yaml +++ b/config/rbac/auth_proxy_service.yaml @@ -7,9 +7,9 @@ metadata: namespace: system spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager diff --git a/config/rbac/csm_editor_role.yaml b/config/rbac/csm_editor_role.yaml index cb388f62d..d6bf406c1 100644 --- a/config/rbac/csm_editor_role.yaml +++ b/config/rbac/csm_editor_role.yaml @@ -4,21 +4,21 @@ kind: ClusterRole metadata: name: containerstoragemodule-editor-role rules: - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get diff --git a/config/rbac/csm_viewer_role.yaml b/config/rbac/csm_viewer_role.yaml index f378d00ae..0cff6342a 100644 --- a/config/rbac/csm_viewer_role.yaml +++ b/config/rbac/csm_viewer_role.yaml @@ -4,17 +4,17 @@ kind: ClusterRole metadata: name: containerstoragemodule-viewer-role rules: - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - get - - list - - watch - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - get + - list + - watch +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 1017df028..e0bffb4d4 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -1,20 +1,20 @@ resources: - # All RBAC will be applied under this service account in - # the deployment namespace. You may comment out this resource - # if your manager will use a service account that exists at - # runtime. Be sure to update RoleBinding and ClusterRoleBinding - # subjects if changing service account names. - - role.yaml - - role_binding.yaml - - leader_election_role.yaml - - leader_election_role_binding.yaml - # Comment the following 4 lines if you want to disable - # the auth proxy (https://github.com/brancz/kube-rbac-proxy) - # which protects your /metrics endpoint. - - auth_proxy_service.yaml - - auth_proxy_role.yaml - - auth_proxy_role_binding.yaml - - auth_proxy_client_clusterrole.yaml +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# Comment the following 4 lines if you want to disable +# the auth proxy (https://github.com/brancz/kube-rbac-proxy) +# which protects your /metrics endpoint. +- auth_proxy_service.yaml +- auth_proxy_role.yaml +- auth_proxy_role_binding.yaml +- auth_proxy_client_clusterrole.yaml - - application_mobility_clusterrole.yaml - - application_mobility_role_binding.yaml +- application_mobility_clusterrole.yaml +- application_mobility_role_binding.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index 9221419fa..4190ec805 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -4,34 +4,34 @@ kind: Role metadata: name: leader-election-role rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 14f48991f..eed16906f 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: Role name: leader-election-role subjects: - - kind: ServiceAccount - name: default - namespace: system +- kind: ServiceAccount + name: default + namespace: system diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index dde44c600..b64fc8865 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -4,1138 +4,1138 @@ kind: ClusterRole metadata: name: manager-role rules: - - nonResourceURLs: - - /metrics - verbs: - - get - - apiGroups: - - "" - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - ingresses - - persistentvolumeclaims - - pods - - roles - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - "*" - - apiGroups: - - "" - resourceNames: - - dell-csm-operator-controller-manager - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - update - - watch - - apiGroups: - - "*" - resourceNames: - - application-mobility-velero-server - resources: - - "*" - verbs: - - "*" - - apiGroups: - - acme.cert-manager.io - resources: - - "*/*" - verbs: - - "*" - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update - - apiGroups: - - acme.cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - patch - - update - - apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - patch - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - update - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - update - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - auditregistration.k8s.io - resources: - - auditsinks - verbs: - - get - - list - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - list - - update - - watch - - apiGroups: - - cert-manager.io - resources: - - "*/*" - verbs: - - "*" - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - clusterissuers - - issuers - verbs: - - "*" - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/finalizers - - certificates/finalizers - verbs: - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/status - - certificates/status - verbs: - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - update - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - patch - - update - - apiGroups: - - certificates.k8s.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - sign - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - - csmtenants - - storages - verbs: - - get - - list - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update - - apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - "*" - - apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - replicasets - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - - volumesnapshotcontents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - - dellcsivolumegroupsnapshots/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch +- nonResourceURLs: + - /metrics + verbs: + - get +- apiGroups: + - "" + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update +- apiGroups: + - "" + resourceNames: + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - ingresses + - persistentvolumeclaims + - pods + - roles + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - '*' +- apiGroups: + - "" + resourceNames: + - dell-csm-operator-controller-manager + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - update + - watch +- apiGroups: + - '*' + resourceNames: + - application-mobility-velero-server + resources: + - '*' + verbs: + - '*' +- apiGroups: + - acme.cert-manager.io + resources: + - '*/*' + verbs: + - '*' +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - patch + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - update + - watch +- apiGroups: + - apiregistration.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - auditregistration.k8s.io + resources: + - auditsinks + verbs: + - get + - list + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - list + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - '*/*' + verbs: + - '*' +- apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - clusterissuers + - issuers + verbs: + - '*' +- apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - certificaterequests/finalizers + - certificates/finalizers + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + - certificates/status + verbs: + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - configmaps + verbs: + - get + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - approve +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - update + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - patch + - update +- apiGroups: + - certificates.k8s.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - sign +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - leases + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-controller + resources: + - leases + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + verbs: + - create + - delete + - patch + - update + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + - csmtenants + - storages + verbs: + - get + - list +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/finalizers + verbs: + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/status + verbs: + - get + - patch + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants + verbs: + - create + - delete + - patch + - update + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/finalizers + verbs: + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/status + verbs: + - get + - patch + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages + verbs: + - create + - delete + - patch + - update + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/finalizers + verbs: + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + - httproutes/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - ingresses/finalizers + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - list + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - replicasets + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + - volumesnapshotcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/finalizers + verbs: + - update +- apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/finalizers + verbs: + - update +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch +- apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + - dellcsivolumegroupsnapshots/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index a97ace9bb..c381046f5 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: manager-role subjects: - - kind: ServiceAccount - name: manager-service-account - namespace: default +- kind: ServiceAccount + name: manager-service-account + namespace: default diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 0d8ca0545..19b8a43f5 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -6,4 +6,4 @@ resources: - storage_v1_csm_unity.yaml - storage_v1_csm_powermax.yaml - storage_v1_csm_connectivity_client.yaml -#+kubebuilder:scaffold:manifestskustomizesamples +#+kubebuilder:scaffold:manifestskustomizesamples \ No newline at end of file diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index 724382897..16d8d2d89 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -111,7 +111,7 @@ spec: value: "false" # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: + # Default Value: - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS value: # nodeSelector: Define node selection constraints for controller pods. diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index 2936c4890..192c2d6d4 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -70,15 +70,15 @@ spec: # ssl authentication. (unity-cert-0..unity-cert-n) # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false # Allowed values: n, where n > 0 - # Default value: None + # Default value: None - name: CERT_SECRET_COUNT value: "1" # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate # Allowed values: # true: skip Unisphere API server's certificate verification - # false: verify Unisphere API server's certificates - # Default value: true + # false: verify Unisphere API server's certificates + # Default value: true - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION value: "true" sideCars: diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml index 707a5c25f..c77047841 100644 --- a/config/scorecard/bases/config.yaml +++ b/config/scorecard/bases/config.yaml @@ -3,5 +3,5 @@ kind: Configuration metadata: name: config stages: - - parallel: true - tests: [] +- parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml index ee7181bb3..50cd2d084 100644 --- a/config/scorecard/kustomization.yaml +++ b/config/scorecard/kustomization.yaml @@ -1,16 +1,16 @@ resources: - - bases/config.yaml +- bases/config.yaml patchesJson6902: - - path: patches/basic.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config - - path: patches/olm.config.yaml - target: - group: scorecard.operatorframework.io - version: v1alpha3 - kind: Configuration - name: config +- path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +- path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config #+kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml index d133b88ac..ebd7145ca 100644 --- a/config/scorecard/patches/basic.config.yaml +++ b/config/scorecard/patches/basic.config.yaml @@ -2,8 +2,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - basic-check-spec + - scorecard-test + - basic-check-spec image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: basic diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml index ec284ba16..79b4a634c 100644 --- a/config/scorecard/patches/olm.config.yaml +++ b/config/scorecard/patches/olm.config.yaml @@ -2,8 +2,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-bundle-validation + - scorecard-test + - olm-bundle-validation image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -12,8 +12,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-validation + - scorecard-test + - olm-crds-have-validation image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -22,8 +22,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-crds-have-resources + - scorecard-test + - olm-crds-have-resources image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -32,8 +32,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-spec-descriptors + - scorecard-test + - olm-spec-descriptors image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm @@ -42,8 +42,8 @@ path: /stages/0/tests/- value: entrypoint: - - scorecard-test - - olm-status-descriptors + - scorecard-test + - olm-status-descriptors image: quay.io/operator-framework/scorecard-test:v1.13.1 labels: suite: olm diff --git a/config/serviceaccount/kustomization.yaml b/config/serviceaccount/kustomization.yaml index 59fb7a6d1..310109dd7 100644 --- a/config/serviceaccount/kustomization.yaml +++ b/config/serviceaccount/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: system resources: - - ./serviceaccount.yaml + - ./serviceaccount.yaml \ No newline at end of file diff --git a/deploy/crds/storage.dell.com.crds.all.yaml b/deploy/crds/storage.dell.com.crds.all.yaml index 8c262bf43..69726d5e1 100644 --- a/deploy/crds/storage.dell.com.crds.all.yaml +++ b/deploy/crds/storage.dell.com.crds.all.yaml @@ -11,56 +11,388 @@ spec: listKind: ApexConnectivityClientList plural: apexconnectivityclients shortNames: - - acc + - acc singular: apexconnectivityclient scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of Client - jsonPath: .spec.client.csmClientType - name: CSMClientType - type: string - - description: Version of Apex client - jsonPath: .spec.client.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ApexConnectivityClient is the Schema for the ApexConnectivityClient API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient - properties: - client: - description: Client is a Apex Connectivity Client for Dell Technologies - properties: - common: - description: Common is the common specification for both controller and node plugins + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of Client + jsonPath: .spec.client.csmClientType + name: CSMClientType + type: string + - description: Version of Apex client + jsonPath: .spec.client.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ApexConnectivityClient is the Schema for the ApexConnectivityClient API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ApexConnectivityClientSpec defines the desired state of ApexConnectivityClient + properties: + client: + description: Client is a Apex Connectivity Client for Dell Technologies + properties: + common: + description: Common is the common specification for both controller and node plugins + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + configVersion: + description: ConfigVersion is the configuration version of the client + type: string + connectionTarget: + description: ConnectionTarget is the target that the client connects to in the Dell datacenter + type: string + csmClientType: + description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient + type: string + forceRemoveClient: + description: ForceRemoveClient is the boolean flag used to remove client deployment when CR is deleted + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template properties: args: description: Args is the set of arguments for the container @@ -153,7 +485,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -168,7 +500,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -177,20 +509,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: "Container name: required for volumes, optional for env vars" + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -209,12 +541,12 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: @@ -377,758 +709,15 @@ spec: description: VeleroNamespace is the namespace that Velero is installed in type: string type: object - configVersion: - description: ConfigVersion is the configuration version of the client - type: string - connectionTarget: - description: ConnectionTarget is the target that the client connects to in the Dell datacenter - type: string - csmClientType: - description: ClientType is the Client type for Dell Technologies - e.g, ApexConnectivityClient - type: string - forceRemoveClient: - description: ForceRemoveClient is the boolean flag used to remove client deployment when CR is deleted - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - type: array - sideCars: - description: SideCars is the specification for CSI sidecar containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - type: array - usePrivateCaCerts: - description: UsePrivateCaCerts is used to specify private CA signed certs - type: boolean - type: object - type: object - status: - description: ApexConnectivityClientStatus defines the observed state of ApexConnectivityClient - properties: - clientStatus: - description: ClientStatus is the status of Client pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - state: - description: State is the state of the client installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.15.0 - name: containerstoragemodules.storage.dell.com -spec: - group: storage.dell.com - names: - kind: ContainerStorageModule - listKind: ContainerStorageModuleList - plural: containerstoragemodules - shortNames: - - csm - singular: containerstoragemodule - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: CreationTime - type: date - - description: Type of CSIDriver - jsonPath: .spec.driver.csiDriverType - name: CSIDriverType - type: string - - description: Version of CSIDriver - jsonPath: .spec.driver.configVersion - name: ConfigVersion - type: string - - description: State of Installation - jsonPath: .status.state - name: State - type: string - name: v1 - schema: - openAPIV3Schema: - description: ContainerStorageModule is the Schema for the containerstoragemodules API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule - properties: - driver: - description: Driver is a CSI Drivers for Dell Technologies - properties: - authSecret: - description: AuthSecret is the name of the credentials secret for the driver - type: string - common: - description: Common is the common specification for both controller and node plugins - properties: - args: - description: Args is the set of arguments for the container - items: + type: array + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: type: string type: array authorizationController: @@ -1217,7 +806,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1232,7 +821,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1241,20 +830,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: "Container name: required for volumes, optional for env vars" + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -1273,12 +862,12 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: @@ -1413,39 +1002,790 @@ spec: Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + usePrivateCaCerts: + description: UsePrivateCaCerts is used to specify private CA signed certs + type: boolean + type: object + type: object + status: + description: ApexConnectivityClientStatus defines the observed state of ApexConnectivityClient + properties: + clientStatus: + description: ClientStatus is the status of Client pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the client installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: containerstoragemodules.storage.dell.com +spec: + group: storage.dell.com + names: + kind: ContainerStorageModule + listKind: ContainerStorageModuleList + plural: containerstoragemodules + shortNames: + - csm + singular: containerstoragemodule + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: CreationTime + type: date + - description: Type of CSIDriver + jsonPath: .spec.driver.csiDriverType + name: CSIDriverType + type: string + - description: Version of CSIDriver + jsonPath: .spec.driver.configVersion + name: ConfigVersion + type: string + - description: State of Installation + jsonPath: .status.state + name: State + type: string + name: v1 + schema: + openAPIV3Schema: + description: ContainerStorageModule is the Schema for the containerstoragemodules API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ContainerStorageModuleSpec defines the desired state of ContainerStorageModule + properties: + driver: + description: Driver is a CSI Drivers for Dell Technologies + properties: + authSecret: + description: AuthSecret is the name of the credentials secret for the driver + type: string + common: + description: Common is the common specification for both controller and node plugins + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + configVersion: + description: ConfigVersion is the configuration version of the driver + type: string + controller: + description: Controller is the specification for Controller plugin only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - configVersion: - description: ConfigVersion is the configuration version of the driver - type: string - controller: - description: Controller is the specification for Controller plugin only + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + csiDriverSpec: + description: CSIDriverSpec is the specification for CSIDriver + properties: + fSGroupPolicy: + type: string + storageCapacity: + type: boolean + type: object + csiDriverType: + description: CSIDriverType is the CSI Driver type for Dell Technologies - e.g, powermax, powerflex,... + type: string + dnsPolicy: + description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin + type: string + forceRemoveDriver: + description: ForceRemoveDriver is the boolean flag used to remove driver deployment when CR is deleted + type: boolean + forceUpdate: + description: ForceUpdate is the boolean flag used to force an update of the driver instance + type: boolean + initContainers: + description: InitContainers is the specification for Driver InitContainers + items: + description: ContainerTemplate template properties: args: description: Args is the set of arguments for the container @@ -1538,7 +1878,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -1553,7 +1893,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -1562,20 +1902,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: "Container name: required for volumes, optional for env vars" + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -1589,522 +1929,506 @@ spec: Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name type: object type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault + hostname: + description: Hostname is the authorization proxy server hostname type: string - vaultRole: - description: VaultRole is the role for the vault + image: + description: Image is the image tag for the Container type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image type: string - type: object - csiDriverSpec: - description: CSIDriverSpec is the specification for CSIDriver - properties: - fSGroupPolicy: + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path type: string - storageCapacity: + leaderElection: + description: LeaderElection is boolean flag to enable leader election type: boolean - type: object - csiDriverType: - description: CSIDriverType is the CSI Driver type for Dell Technologies - e.g, powermax, powerflex,... - type: string - dnsPolicy: - description: DNSPolicy is the dnsPolicy of the daemonset for Node plugin - type: string - forceRemoveDriver: - description: ForceRemoveDriver is the boolean flag used to remove driver deployment when CR is deleted - type: boolean - forceUpdate: - description: ForceUpdate is the boolean flag used to force an update of the driver instance - type: boolean - initContainers: - description: InitContainers is the specification for Driver InitContainers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + node: + description: Node is the specification for Node plugin only + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore type: string type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. type: object - type: array - node: - description: Node is the specification for Node plugin only + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + replicas: + description: Replicas is the count of controllers for Controller plugin + format: int32 + type: integer + sideCars: + description: SideCars is the specification for CSI sidecar containers + items: + description: ContainerTemplate template properties: args: description: Args is the set of arguments for the container @@ -2197,236 +2521,587 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + type: object + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility + type: string + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName + type: string + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + snapshotClass: + description: SnapshotClass is the specification for Snapshot Classes + items: + description: SnapshotClass struct + properties: + name: + description: Name is the name of the Snapshot Class + type: string + parameters: + additionalProperties: + type: string + description: Parameters is a map of driver specific parameters for snapshot class + type: object + type: object + type: array + tlsCertSecret: + description: TLSCertSecret is the name of the TLS Cert secret + type: string + type: object + modules: + description: Modules is list of Container Storage Module modules you want to deploy + items: + description: Module defines the desired state of a ContainerStorageModule + properties: + components: + description: Components is the specification for CSM components containers + items: + description: ContainerTemplate template + properties: + args: + description: Args is the set of arguments for the container + items: + type: string + type: array + authorizationController: + description: AuthorizationController is the image tag for the container + type: string + authorizationControllerReplicas: + description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment + type: integer + certificate: + description: Certificate is a certificate used for a certificate/private-key pair + type: string + certificateAuthority: + description: CertificateAuthority is a certificate authority used to validate a certificate + type: string + commander: + description: Commander is the image tag for the Container + type: string + controllerReconcileInterval: + description: The interval which the reconcile of each controller is run + type: string + credentials: + description: ComponentCred is to store the velero credential contents + items: + description: Credential struct + properties: + createWithInstall: + description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore + type: boolean + name: + description: Name is the name of secret which contains credentials to access objectstore + type: string + secretContents: + description: SecretContents contains credentials to access objectstore + properties: + aws_access_key_id: + description: AccessKeyID is a name of key ID to access objectstore + type: string + aws_secret_access_key: + description: AccessKey contains the key to access objectstore + type: string + type: object + type: object + type: array + deployNodeAgent: + description: DeployNodeAgent is to enable/disable node-agent services + type: boolean + enabled: + description: Enabled is used to indicate wether or not to deploy a module + type: boolean + envs: + description: Envs is the set of environment variables for the container + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: - type: integer - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: - key - type: object - x-kubernetes-map-type: atomic - type: object - required: + type: object + x-kubernetes-map-type: atomic + type: object + required: - name + type: object + type: array + hostname: + description: Hostname is the authorization proxy server hostname + type: string + image: + description: Image is the image tag for the Container + type: string + imagePullPolicy: + description: ImagePullPolicy is the image pull policy for the image + type: string + kvEnginePath: + description: kvEnginePath is the Authorization vault secret path + type: string + leaderElection: + description: LeaderElection is boolean flag to enable leader election + type: boolean + licenseName: + description: LicenseName is the name of the license for app-mobility + type: string + name: + description: Name is the name of Container + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: + objectStoreSecretName: + description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: + opa: + description: Opa is the image tag for the Container + type: string + opaKubeMgmt: + description: OpaKubeMgmt is the image tag for the Container + type: string + privateKey: + description: PrivateKey is a private key used for a certificate/private-key pair + type: string + proxyServerIngress: + description: ProxyServerIngress is the authorization proxy server ingress configuration + items: + description: ProxyServerIngress is the authorization ingress configuration struct + properties: + annotations: + additionalProperties: + type: string + description: Annotations is an unstructured key value map that stores additional annotations for the ingress + type: object + hosts: + description: Hosts is the hosts rules for the ingress + items: + type: string + type: array + ingressClassName: + description: IngressClassName is the ingressClassName type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: + type: object + type: array + proxyService: + description: ProxyService is the image tag for the Container + type: string + proxyServiceReplicas: + description: ProxyServiceReplicas is the number of replicas for the proxy service deployment + type: integer + redis: + description: Redis is the image tag for the Container + type: string + redisCommander: + description: RedisCommander is the name of the redis deployment + type: string + redisName: + description: RedisName is the name of the redis statefulset + type: string + redisReplicas: + description: RedisReplicas is the number of replicas for the redis deployment + type: integer + replicaCount: + description: ReplicaCount is the replica count for app mobility + type: string + roleService: + description: RoleService is the image tag for the Container + type: string + roleServiceReplicas: + description: RoleServiceReplicas is the number of replicas for the role service deployment + type: integer + sentinel: + description: Sentinel is the name of the sentinel statefulSet + type: string + skipCertificateValidation: + description: skipCertificateValidation is the flag to skip certificate validation + type: boolean + storageService: + description: StorageService is the image tag for the Container + type: string + storageServiceReplicas: + description: StorageServiceReplicas is the number of replicas for storage service deployment + type: integer + storageclass: + description: RedisStorageClass is the authorization proxy server redis storage class for persistence + type: string + tenantService: + description: TenantService is the image tag for the Container + type: string + tenantServiceReplicas: + description: TenantServiceReplicas is the number of replicas for the tenant service deployment + type: integer + tolerations: + description: Tolerations is the list of tolerations for the driver pods + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - replicas: - description: Replicas is the count of controllers for Controller plugin - format: int32 - type: integer - sideCars: - description: SideCars is the specification for CSI sidecar containers + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useVolumeSnapshot: + description: UseSnapshot is to check whether volume snapshot is enabled under velero component + type: boolean + vaultAddress: + description: VaultAddress is the address of the vault + type: string + vaultRole: + description: VaultRole is the role for the vault + type: string + veleroNamespace: + description: VeleroNamespace is the namespace that Velero is installed in + type: string + type: object + type: array + configVersion: + description: ConfigVersion is the configuration version of the module + type: string + enabled: + description: Enabled is used to indicate whether or not to deploy a module + type: boolean + forceRemoveModule: + description: ForceRemoveModule is the boolean flag used to remove authorization proxy server deployment when CR is deleted + type: boolean + initContainer: + description: InitContainer is the specification for Module InitContainer items: description: ContainerTemplate template properties: @@ -2521,7 +3196,7 @@ spec: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic fieldRef: @@ -2536,7 +3211,7 @@ spec: description: Path of the field to select in the specified API version. type: string required: - - fieldPath + - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: @@ -2545,20 +3220,20 @@ spec: (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: - description: "Container name: required for volumes, optional for env vars" + description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - - type: integer - - type: string + - type: integer + - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: "Required: resource to select" + description: 'Required: resource to select' type: string required: - - resource + - resource type: object x-kubernetes-map-type: atomic secretKeyRef: @@ -2577,12 +3252,12 @@ spec: description: Specify whether the Secret or its key must be defined type: boolean required: - - key + - key type: object x-kubernetes-map-type: atomic type: object required: - - name + - name type: object type: array hostname: @@ -2746,716 +3421,41 @@ spec: type: string type: object type: array - snapshotClass: - description: SnapshotClass is the specification for Snapshot Classes - items: - description: SnapshotClass struct - properties: - name: - description: Name is the name of the Snapshot Class - type: string - parameters: - additionalProperties: - type: string - description: Parameters is a map of driver specific parameters for snapshot class - type: object - type: object - type: array - tlsCertSecret: - description: TLSCertSecret is the name of the TLS Cert secret - type: string - type: object - modules: - description: Modules is list of Container Storage Module modules you want to deploy - items: - description: Module defines the desired state of a ContainerStorageModule - properties: - components: - description: Components is the specification for CSM components containers - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - type: array - configVersion: - description: ConfigVersion is the configuration version of the module - type: string - enabled: - description: Enabled is used to indicate whether or not to deploy a module - type: boolean - forceRemoveModule: - description: ForceRemoveModule is the boolean flag used to remove authorization proxy server deployment when CR is deleted - type: boolean - initContainer: - description: InitContainer is the specification for Module InitContainer - items: - description: ContainerTemplate template - properties: - args: - description: Args is the set of arguments for the container - items: - type: string - type: array - authorizationController: - description: AuthorizationController is the image tag for the container - type: string - authorizationControllerReplicas: - description: AuthorizationControllerReplicas is the number of replicas for the authorization controller deployment - type: integer - certificate: - description: Certificate is a certificate used for a certificate/private-key pair - type: string - certificateAuthority: - description: CertificateAuthority is a certificate authority used to validate a certificate - type: string - commander: - description: Commander is the image tag for the Container - type: string - controllerReconcileInterval: - description: The interval which the reconcile of each controller is run - type: string - credentials: - description: ComponentCred is to store the velero credential contents - items: - description: Credential struct - properties: - createWithInstall: - description: CreateWithInstall is used to indicate wether or not to create a secret for objectstore - type: boolean - name: - description: Name is the name of secret which contains credentials to access objectstore - type: string - secretContents: - description: SecretContents contains credentials to access objectstore - properties: - aws_access_key_id: - description: AccessKeyID is a name of key ID to access objectstore - type: string - aws_secret_access_key: - description: AccessKey contains the key to access objectstore - type: string - type: object - type: object - type: array - deployNodeAgent: - description: DeployNodeAgent is to enable/disable node-agent services - type: boolean - enabled: - description: Enabled is used to indicate wether or not to deploy a module - type: boolean - envs: - description: Envs is the set of environment variables for the container - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - hostname: - description: Hostname is the authorization proxy server hostname - type: string - image: - description: Image is the image tag for the Container - type: string - imagePullPolicy: - description: ImagePullPolicy is the image pull policy for the image - type: string - kvEnginePath: - description: kvEnginePath is the Authorization vault secret path - type: string - leaderElection: - description: LeaderElection is boolean flag to enable leader election - type: boolean - licenseName: - description: LicenseName is the name of the license for app-mobility - type: string - name: - description: Name is the name of Container - type: string - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - type: object - objectStoreSecretName: - description: ObjectStoreSecretName is the name of the secret for the object store for app-mobility - type: string - opa: - description: Opa is the image tag for the Container - type: string - opaKubeMgmt: - description: OpaKubeMgmt is the image tag for the Container - type: string - privateKey: - description: PrivateKey is a private key used for a certificate/private-key pair - type: string - proxyServerIngress: - description: ProxyServerIngress is the authorization proxy server ingress configuration - items: - description: ProxyServerIngress is the authorization ingress configuration struct - properties: - annotations: - additionalProperties: - type: string - description: Annotations is an unstructured key value map that stores additional annotations for the ingress - type: object - hosts: - description: Hosts is the hosts rules for the ingress - items: - type: string - type: array - ingressClassName: - description: IngressClassName is the ingressClassName - type: string - type: object - type: array - proxyService: - description: ProxyService is the image tag for the Container - type: string - proxyServiceReplicas: - description: ProxyServiceReplicas is the number of replicas for the proxy service deployment - type: integer - redis: - description: Redis is the image tag for the Container - type: string - redisCommander: - description: RedisCommander is the name of the redis deployment - type: string - redisName: - description: RedisName is the name of the redis statefulset - type: string - redisReplicas: - description: RedisReplicas is the number of replicas for the redis deployment - type: integer - replicaCount: - description: ReplicaCount is the replica count for app mobility - type: string - roleService: - description: RoleService is the image tag for the Container - type: string - roleServiceReplicas: - description: RoleServiceReplicas is the number of replicas for the role service deployment - type: integer - sentinel: - description: Sentinel is the name of the sentinel statefulSet - type: string - skipCertificateValidation: - description: skipCertificateValidation is the flag to skip certificate validation - type: boolean - storageService: - description: StorageService is the image tag for the Container - type: string - storageServiceReplicas: - description: StorageServiceReplicas is the number of replicas for storage service deployment - type: integer - storageclass: - description: RedisStorageClass is the authorization proxy server redis storage class for persistence - type: string - tenantService: - description: TenantService is the image tag for the Container - type: string - tenantServiceReplicas: - description: TenantServiceReplicas is the number of replicas for the tenant service deployment - type: integer - tolerations: - description: Tolerations is the list of tolerations for the driver pods - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - useVolumeSnapshot: - description: UseSnapshot is to check whether volume snapshot is enabled under velero component - type: boolean - vaultAddress: - description: VaultAddress is the address of the vault - type: string - vaultRole: - description: VaultRole is the role for the vault - type: string - veleroNamespace: - description: VeleroNamespace is the namespace that Velero is installed in - type: string - type: object - type: array - name: - description: Name is name of ContainerStorageModule modules - type: string - type: object - type: array - type: object - status: - description: ContainerStorageModuleStatus defines the observed state of ContainerStorageModule - properties: - controllerStatus: - description: ControllerStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: - type: string - type: object - nodeStatus: - description: NodeStatus is the status of Controller pods - properties: - available: - type: string - desired: - type: string - failed: + name: + description: Name is name of ContainerStorageModule modules type: string type: object - state: - description: State is the state of the driver installation - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + status: + description: ContainerStorageModuleStatus defines the observed state of ContainerStorageModule + properties: + controllerStatus: + description: ControllerStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + nodeStatus: + description: NodeStatus is the status of Controller pods + properties: + available: + type: string + desired: + type: string + failed: + type: string + type: object + state: + description: State is the state of the driver installation + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deploy/operator.yaml b/deploy/operator.yaml index fc1cffdca..3dd1525b7 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -12,1218 +12,1218 @@ metadata: name: dell-csm-operator-leader-election-role namespace: dell-csm-operator rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-application-mobility-velero-server rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-manager-role rules: - - nonResourceURLs: - - /metrics - verbs: - - get - - apiGroups: - - "" - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - cert-manager-controller - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - events - - ingresses - - persistentvolumeclaims - - pods - - roles - - secrets - - serviceaccounts - - services - - services/finalizers - verbs: - - "*" - - apiGroups: - - "" - resourceNames: - - dell-csm-operator-controller-manager - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - update - - watch - - apiGroups: - - "*" - resourceNames: - - application-mobility-velero-server - resources: - - "*" - verbs: - - "*" - - apiGroups: - - acme.cert-manager.io - resources: - - "*/*" - verbs: - - "*" - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - verbs: - - create - - delete - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - challenges/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges - - orders - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - challenges/finalizers - verbs: - - update - - apiGroups: - - acme.cert-manager.io - resources: - - clusterissuers - - issuers - verbs: - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - acme.cert-manager.io - resources: - - orders - - orders/status - verbs: - - patch - - update - - apiGroups: - - acme.cert-manager.io - resources: - - orders/finalizers - verbs: - - update - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - "*" - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - patch - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - get - - list - - update - - watch - - apiGroups: - - apiregistration.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - update - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - auditregistration.k8s.io - resources: - - auditsinks - verbs: - - get - - list - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - list - - update - - watch - - apiGroups: - - cert-manager.io - resources: - - "*/*" - verbs: - - "*" - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - clusterissuers - - issuers - verbs: - - "*" - - apiGroups: - - cert-manager.io - resources: - - certificaterequests - - certificates - - issuers - verbs: - - create - - delete - - deletecollection - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/finalizers - - certificates/finalizers - verbs: - - update - - apiGroups: - - cert-manager.io - resources: - - certificaterequests/status - - certificates/status - verbs: - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - clusterissuers - - clusterissuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - configmaps - verbs: - - get - - patch - - update - - apiGroups: - - cert-manager.io - resources: - - issuers - - issuers/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - cert-manager.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - approve - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - list - - update - - watch - - apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests/status - verbs: - - patch - - update - - apiGroups: - - certificates.k8s.io - resourceNames: - - clusterissuers.cert-manager.io/* - - issuers.cert-manager.io/* - resources: - - signers - verbs: - - sign - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-cainjector-leader-election - - cert-manager-cainjector-leader-election-core - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - cert-manager-controller - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles - - csmtenants - - storages - verbs: - - get - - list - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmroles/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - csmtenants/status - verbs: - - get - - patch - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages - verbs: - - create - - delete - - patch - - update - - watch - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/finalizers - verbs: - - update - - apiGroups: - - csm-authorization.storage.dell.com - resources: - - storages/status - verbs: - - get - - patch - - update - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways - - httproutes - verbs: - - get - - list - - watch - - apiGroups: - - gateway.networking.k8s.io - resources: - - gateways/finalizers - - httproutes/finalizers - verbs: - - update - - apiGroups: - - gateway.networking.k8s.io - resources: - - httproutes - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - get - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - "*" - - apiGroups: - - networking.k8s.io - resources: - - ingresses/finalizers - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - replicasets - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create - - apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - - volumesnapshotcontents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots/status - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - apexconnectivityclients/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/finalizers - verbs: - - update - - apiGroups: - - storage.dell.com - resources: - - containerstoragemodules/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csistoragecapacities - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - - dellcsivolumegroupsnapshots/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch +- nonResourceURLs: + - /metrics + verbs: + - get +- apiGroups: + - "" + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update +- apiGroups: + - "" + resourceNames: + - cert-manager-controller + resources: + - configmaps + verbs: + - get + - patch + - update +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - ingresses + - persistentvolumeclaims + - pods + - roles + - secrets + - serviceaccounts + - services + - services/finalizers + verbs: + - '*' +- apiGroups: + - "" + resourceNames: + - dell-csm-operator-controller-manager + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - update + - watch +- apiGroups: + - '*' + resourceNames: + - application-mobility-velero-server + resources: + - '*' + verbs: + - '*' +- apiGroups: + - acme.cert-manager.io + resources: + - '*/*' + verbs: + - '*' +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + verbs: + - create + - delete +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + - challenges/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - challenges + - orders + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - challenges/finalizers + verbs: + - update +- apiGroups: + - acme.cert-manager.io + resources: + - clusterissuers + - issuers + verbs: + - get + - list + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - orders + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - acme.cert-manager.io + resources: + - orders + - orders/status + verbs: + - patch + - update +- apiGroups: + - acme.cert-manager.io + resources: + - orders/finalizers + verbs: + - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - patch + - watch +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - get + - list + - update + - watch +- apiGroups: + - apiregistration.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - auditregistration.k8s.io + resources: + - auditsinks + verbs: + - get + - list + - update + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - list + - update + - watch +- apiGroups: + - cert-manager.io + resources: + - '*/*' + verbs: + - '*' +- apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - clusterissuers + - issuers + verbs: + - '*' +- apiGroups: + - cert-manager.io + resources: + - certificaterequests + - certificates + - issuers + verbs: + - create + - delete + - deletecollection + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - certificaterequests/finalizers + - certificates/finalizers + verbs: + - update +- apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + - certificates/status + verbs: + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - clusterissuers + - clusterissuers/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - configmaps + verbs: + - get + - patch + - update +- apiGroups: + - cert-manager.io + resources: + - issuers + - issuers/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - cert-manager.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - approve +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list + - update + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests/status + verbs: + - patch + - update +- apiGroups: + - certificates.k8s.io + resourceNames: + - clusterissuers.cert-manager.io/* + - issuers.cert-manager.io/* + resources: + - signers + verbs: + - sign +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-cainjector-leader-election + - cert-manager-cainjector-leader-election-core + resources: + - leases + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resourceNames: + - cert-manager-controller + resources: + - leases + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + verbs: + - create + - delete + - patch + - update + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles + - csmtenants + - storages + verbs: + - get + - list +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/finalizers + verbs: + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmroles/status + verbs: + - get + - patch + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants + verbs: + - create + - delete + - patch + - update + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/finalizers + verbs: + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - csmtenants/status + verbs: + - get + - patch + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages + verbs: + - create + - delete + - patch + - update + - watch +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/finalizers + verbs: + - update +- apiGroups: + - csm-authorization.storage.dell.com + resources: + - storages/status + verbs: + - get + - patch + - update +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways + - httproutes + verbs: + - get + - list + - watch +- apiGroups: + - gateway.networking.k8s.io + resources: + - gateways/finalizers + - httproutes/finalizers + verbs: + - update +- apiGroups: + - gateway.networking.k8s.io + resources: + - httproutes + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' +- apiGroups: + - networking.k8s.io + resources: + - ingresses/finalizers + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - list + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - replicasets + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + - volumesnapshotcontents + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/finalizers + verbs: + - update +- apiGroups: + - storage.dell.com + resources: + - apexconnectivityclients/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/finalizers + verbs: + - update +- apiGroups: + - storage.dell.com + resources: + - containerstoragemodules/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - create + - get + - list + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch +- apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + - dellcsivolumegroupsnapshots/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-csm-operator-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -1235,9 +1235,9 @@ roleRef: kind: Role name: dell-csm-operator-leader-election-role subjects: - - kind: ServiceAccount - name: default - namespace: dell-csm-operator +- kind: ServiceAccount + name: default + namespace: dell-csm-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1248,9 +1248,9 @@ roleRef: kind: ClusterRole name: dell-csm-operator-application-mobility-velero-server subjects: - - kind: ServiceAccount - name: dell-csm-operator-manager-service-account - namespace: dell-csm-operator +- kind: ServiceAccount + name: dell-csm-operator-manager-service-account + namespace: dell-csm-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1261,9 +1261,9 @@ roleRef: kind: ClusterRole name: dell-csm-operator-manager-role subjects: - - kind: ServiceAccount - name: dell-csm-operator-manager-service-account - namespace: dell-csm-operator +- kind: ServiceAccount + name: dell-csm-operator-manager-service-account + namespace: dell-csm-operator --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -1274,9 +1274,9 @@ roleRef: kind: ClusterRole name: dell-csm-operator-proxy-role subjects: - - kind: ServiceAccount - name: default - namespace: dell-csm-operator +- kind: ServiceAccount + name: default + namespace: dell-csm-operator --- apiVersion: v1 data: @@ -1306,10 +1306,10 @@ metadata: namespace: dell-csm-operator spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager --- @@ -1333,89 +1333,89 @@ spec: control-plane: controller-manager spec: containers: - - args: - - --leader-elect - command: - - /manager - env: - - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.6.1 - - name: RELATED_IMAGE_csi-isilon - value: docker.io/dellemc/csi-isilon:v2.11.0 - - name: RELATED_IMAGE_csi-powermax - value: docker.io/dellemc/csi-powermax:v2.11.0 - - name: RELATED_IMAGE_csipowermax-reverseproxy - value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 - - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.11.1 - - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.11.1 - - name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/csi-vxflexos:v2.11.0 - - name: RELATED_IMAGE_sdc - value: docker.io/dellemc/sdc:4.5.2.1 - - name: RELATED_IMAGE_karavi-authorization-proxy - value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 - - name: RELATED_IMAGE_dell-csi-replicator - value: docker.io/dellemc/dell-csi-replicator:v1.9.0 - - name: RELATED_IMAGE_dell-replication-controller-manager - value: docker.io/dellemc/dell-replication-controller:v1.9.0 - - name: RELATED_IMAGE_topology - value: docker.io/dellemc/csm-topology:v1.9.0 - - name: RELATED_IMAGE_otel-collector - value: docker.io/otel/opentelemetry-collector:0.42.0 - - name: RELATED_IMAGE_metrics-powerscale - value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 - - name: RELATED_IMAGE_metrics-powermax - value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 - - name: RELATED_IMAGE_metrics-powerflex - value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 - - name: RELATED_IMAGE_podmon-node - value: docker.io/dellemc/podmon:v1.10.0 - - name: RELATED_IMAGE_kube-rbac-proxy - value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - - name: RELATED_IMAGE_attacher - value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 - - name: RELATED_IMAGE_provisioner - value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - - name: RELATED_IMAGE_snapshotter - value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 - - name: RELATED_IMAGE_registrar - value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 - - name: RELATED_IMAGE_resizer - value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 - - name: RELATED_IMAGE_externalhealthmonitorcontroller - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - - name: RELATED_IMAGE_metadataretriever - value: dellemc/csi-metadata-retriever:v1.8.0 - - name: RELATED_IMAGE_dell-connectivity-client - value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 - - name: RELATED_IMAGE_cert-persister - value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.6.1 - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 512Mi - requests: - cpu: 100m - memory: 192Mi - securityContext: - allowPrivilegeEscalation: false + - args: + - --leader-elect + command: + - /manager + env: + - name: RELATED_IMAGE_dell-csm-operator + value: docker.io/dellemc/dell-csm-operator:v1.6.1 + - name: RELATED_IMAGE_csi-isilon + value: docker.io/dellemc/csi-isilon:v2.11.0 + - name: RELATED_IMAGE_csi-powermax + value: docker.io/dellemc/csi-powermax:v2.11.0 + - name: RELATED_IMAGE_csipowermax-reverseproxy + value: docker.io/dellemc/csipowermax-reverseproxy:v2.10.0 + - name: RELATED_IMAGE_csi-powerstore + value: docker.io/dellemc/csi-powerstore:v2.11.1 + - name: RELATED_IMAGE_csi-unity + value: docker.io/dellemc/csi-unity:v2.11.1 + - name: RELATED_IMAGE_csi-vxflexos + value: docker.io/dellemc/csi-vxflexos:v2.11.0 + - name: RELATED_IMAGE_sdc + value: docker.io/dellemc/sdc:4.5.2.1 + - name: RELATED_IMAGE_karavi-authorization-proxy + value: docker.io/dellemc/csm-authorization-sidecar:v1.11.0 + - name: RELATED_IMAGE_dell-csi-replicator + value: docker.io/dellemc/dell-csi-replicator:v1.9.0 + - name: RELATED_IMAGE_dell-replication-controller-manager + value: docker.io/dellemc/dell-replication-controller:v1.9.0 + - name: RELATED_IMAGE_topology + value: docker.io/dellemc/csm-topology:v1.9.0 + - name: RELATED_IMAGE_otel-collector + value: docker.io/otel/opentelemetry-collector:0.42.0 + - name: RELATED_IMAGE_metrics-powerscale + value: docker.io/dellemc/csm-metrics-powerscale:v1.6.0 + - name: RELATED_IMAGE_metrics-powermax + value: docker.io/dellemc/csm-metrics-powermax:v1.4.0 + - name: RELATED_IMAGE_metrics-powerflex + value: docker.io/dellemc/csm-metrics-powerflex:v1.9.0 + - name: RELATED_IMAGE_podmon-node + value: docker.io/dellemc/podmon:v1.10.0 + - name: RELATED_IMAGE_kube-rbac-proxy + value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + - name: RELATED_IMAGE_attacher + value: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + - name: RELATED_IMAGE_provisioner + value: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + - name: RELATED_IMAGE_snapshotter + value: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + - name: RELATED_IMAGE_registrar + value: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + - name: RELATED_IMAGE_resizer + value: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + - name: RELATED_IMAGE_externalhealthmonitorcontroller + value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 + - name: RELATED_IMAGE_metadataretriever + value: dellemc/csi-metadata-retriever:v1.8.0 + - name: RELATED_IMAGE_dell-connectivity-client + value: docker.io/dellemc/connectivity-client-docker-k8s:1.19.0 + - name: RELATED_IMAGE_cert-persister + value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 + image: docker.io/dellemc/dell-csm-operator:v1.6.1 + imagePullPolicy: Always + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 192Mi + securityContext: + allowPrivilegeEscalation: false securityContext: runAsNonRoot: true serviceAccountName: dell-csm-operator-manager-service-account diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml index bad756442..46864aaf2 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/brownfield-onboard.yaml @@ -6,7 +6,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list", "get", "create", "update", "delete", "watch"] + verbs: ["list","get", "create", "update", "delete","watch"] - apiGroups: ["storage.dell.com"] resources: ["containerstoragemodules"] verbs: ["create", "delete"] diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index 56d35205b..f50efd2ae 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -352,13 +352,7 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: - [ - "sh", - "-x", - "-c", - "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", - ] + command: ["sh", "-x", "-c", "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml index f424caa03..5bd787720 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.0.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v0.0.0 +minUpgradePath: v0.0.0 \ No newline at end of file diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml index bad756442..46864aaf2 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/brownfield-onboard.yaml @@ -6,7 +6,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["list", "get", "create", "update", "delete", "watch"] + verbs: ["list","get", "create", "update", "delete","watch"] - apiGroups: ["storage.dell.com"] resources: ["containerstoragemodules"] verbs: ["create", "delete"] diff --git a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml index fdc648540..efad5a33c 100644 --- a/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml +++ b/operatorconfig/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml @@ -352,13 +352,7 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: - [ - "sh", - "-x", - "-c", - "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", - ] + command: ["sh", "-x", "-c", "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml index b01ee82c7..e31c7337c 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -111,13 +111,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -210,7 +210,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml index 5e0a6004f..7debd9c08 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" + PODMON_NODE_LOG_FORMAT: "TEXT" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml b/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml index 10f09bb9f..b735e19d4 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.0/node.yaml @@ -77,7 +77,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -86,7 +86,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -209,11 +209,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml index f747ae20b..f0a353a03 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml index 1646835ff..060d7ead6 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml index eb0706e64..fab3f832d 100644 --- a/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml index 5e0a6004f..7debd9c08 100644 --- a/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.11.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" + PODMON_NODE_LOG_FORMAT: "TEXT" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml index a6162260c..05370e3b5 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--leader-election" - "--array-config=/vxflexos-config/config" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml index 1646835ff..060d7ead6 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml b/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml index 0c97b3b5c..c47b034b8 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.0/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml index 3c1a6be36..884a1baf8 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml index 56d7677ad..49646be0d 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml index 554a7bb74..08e3f335e 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.2 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml index 3110f064f..bc8bb4aeb 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/driver-config-params.yaml @@ -10,4 +10,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" + PODMON_NODE_LOG_FORMAT: "TEXT" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml b/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml index 462af9b05..75c3eeb5e 100644 --- a/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml +++ b/operatorconfig/driverconfig/powerflex/v2.9.2/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.2 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -207,11 +207,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path - name: host-opt-emc-path mountPath: /host_opt_emc_path volumes: diff --git a/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml index 8f574a6cd..40127fb1f 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -129,13 +129,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -234,7 +234,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -319,6 +319,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml index d587761b5..5bacf36ae 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml b/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml index 1486c847f..1cfd41fba 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -254,8 +254,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml index f5d10384f..43531698e 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -317,6 +317,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml index d587761b5..5bacf36ae 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml index 4d73badbf..577d86486 100644 --- a/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -251,8 +251,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml index d587761b5..5bacf36ae 100644 --- a/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.11.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml index 963ee2f34..5302c6efb 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.9.0 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] args: - "--leader-election" env: @@ -319,6 +319,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml index d587761b5..5bacf36ae 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml b/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml index 9e48f07c0..d58f1028a 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -252,8 +252,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml index d58512998..4dc0ae6c1 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -317,6 +317,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml index d587761b5..5bacf36ae 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml index 88313fd54..02a5f3e81 100644 --- a/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -252,8 +252,8 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: node-topology-config configMap: - name: node-topology-config - optional: true + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml index 109ad0700..333fbc4c6 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -120,13 +120,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -245,7 +245,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: ["/csi-metadata-retriever"] + command: [ "/csi-metadata-retriever" ] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -257,7 +257,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -329,4 +329,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml index 65a4a2756..facd6cd6a 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml index 5e0a6004f..e615ab810 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/driver-config-params.yaml @@ -11,3 +11,4 @@ data: PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" PODMON_NODE_LOG_FORMAT: "TEXT" + diff --git a/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml b/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml index 2effc692a..46e72a753 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -214,4 +214,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml index 6c0c7a980..c25e5fbd8 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -243,7 +243,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: ["/csi-metadata-retriever"] + command: [ "/csi-metadata-retriever" ] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -255,7 +255,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -327,4 +327,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml index 65a4a2756..facd6cd6a 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml index 744b35635..01b9bf64e 100644 --- a/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -212,4 +212,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml index 1abdfb403..51da5a0e8 100644 --- a/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.11.0/controller.yaml @@ -84,7 +84,7 @@ rules: # Permissions for ReplicationReplicator - apiGroups: [""] resources: ["namespaces"] - verbs: ["create", "get", "list", "watch"] + verbs: ["create", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml index 65a4a2756..facd6cd6a 100644 --- a/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml index 5e0a6004f..e615ab810 100644 --- a/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.11.0/driver-config-params.yaml @@ -11,3 +11,4 @@ data: PODMON_CONTROLLER_LOG_FORMAT: "TEXT" PODMON_NODE_LOG_LEVEL: "debug" PODMON_NODE_LOG_FORMAT: "TEXT" + diff --git a/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml index cb8988fd6..d18e7a58c 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -243,7 +243,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: ["/csi-metadata-retriever"] + command: [ "/csi-metadata-retriever" ] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -255,7 +255,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.9.0 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -331,4 +331,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml index 65a4a2756..facd6cd6a 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml b/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml index ad3172063..481328689 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -212,4 +212,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml index 47c71fdd6..4b868cf7c 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -243,7 +243,7 @@ spec: - "--leader-election-renew-deadline=10s" - "--leader-election-lease-duration=15s" - "--leader-election-retry-period=5s" - command: ["/csi-metadata-retriever"] + command: [ "/csi-metadata-retriever" ] env: - name: ADDRESS value: /var/run/csi/csi.sock @@ -255,7 +255,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -327,4 +327,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml index 65a4a2756..facd6cd6a 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml index 87ba55cbd..8f49a7d38 100644 --- a/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -212,4 +212,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml index 24f66522d..0b55612eb 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -125,13 +124,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -228,7 +227,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -270,4 +269,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml index 19960e910..c775e7442 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml b/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml index 5952d534f..d1665bef5 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.0/node.yaml @@ -94,8 +94,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.0 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml index ed3d549c6..eb6ddcf5b 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml index 19960e910..c775e7442 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml index 3a1b1523c..6f1f8c550 100644 --- a/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.1 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml index 727c7970b..758677ae0 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.0/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] diff --git a/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml index 19960e910..c775e7442 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.0/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml index 96f978ea1..83ba7ec4f 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml index 19960e910..c775e7442 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml index 6316f9337..d3c3dc09d 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.9.0 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml index 19960e910..c775e7442 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml index 5bc1c7304..54be45f3e 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.9.0 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml index 6f4dba187..360a96012 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.0/upgrade-path.yaml @@ -13,4 +13,4 @@ # limitations under the License. # # -minUpgradePath: v2.7.0 +minUpgradePath: v2.7.0 \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml index f782a5b6c..a16762bac 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml index 19960e910..c775e7442 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml index 6d7b43067..e1925f3a5 100644 --- a/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.9.1 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" diff --git a/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml b/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml index fa11ba7b8..7d71b0571 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -113,13 +113,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -255,7 +255,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml index 513ea7c3a..3a1c28626 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: 0 SYNC_NODE_INFO_TIME_INTERVAL: 15 - TENANT_NAME: "" + TENANT_NAME: "" \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.10.0/node.yaml b/operatorconfig/driverconfig/unity/v2.10.0/node.yaml index b6c5ad00b..63d054886 100644 --- a/operatorconfig/driverconfig/unity/v2.10.0/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.0/node.yaml @@ -78,7 +78,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.10.0 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -185,7 +185,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml index 4fda23e47..463fe2381 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.10.1/node.yaml b/operatorconfig/driverconfig/unity/v2.10.1/node.yaml index 41f8c4d2c..ef69e5863 100644 --- a/operatorconfig/driverconfig/unity/v2.10.1/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.10.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.10.1 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml index 513ea7c3a..3a1c28626 100644 --- a/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.0/driver-config-params.yaml @@ -10,4 +10,4 @@ data: ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: 0 SYNC_NODE_INFO_TIME_INTERVAL: 15 - TENANT_NAME: "" + TENANT_NAME: "" \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml index 513ea7c3a..3a1c28626 100644 --- a/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.1/driver-config-params.yaml @@ -10,4 +10,4 @@ data: ALLOW_RWO_MULTIPOD_ACCESS: "false" MAX_UNITY_VOLUMES_PER_NODE: 0 SYNC_NODE_INFO_TIME_INTERVAL: 15 - TENANT_NAME: "" + TENANT_NAME: "" \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml b/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml index a4e9a169a..a3ef3e8e1 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -254,7 +254,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.9.0/node.yaml b/operatorconfig/driverconfig/unity/v2.9.0/node.yaml index 145b2f971..90b5ef5de 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.9.0 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml index fab8efca9..42c1d36fb 100644 --- a/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.0/upgrade-path.yaml @@ -1 +1 @@ -minUpgradePath: v2.7.0 +minUpgradePath: v2.7.0 \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml index 5b12f10d2..b0a0d209e 100644 --- a/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.9.1/node.yaml b/operatorconfig/driverconfig/unity/v2.9.1/node.yaml index 5c64fd57c..260f31198 100644 --- a/operatorconfig/driverconfig/unity/v2.9.1/node.yaml +++ b/operatorconfig/driverconfig/unity/v2.9.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:v2.9.1 - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml index 96b1ac2d8..d59f12d32 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: - - nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml index 28efb5959..5844f8044 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list +- apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml index 692c3c6dc..09a0f1b8d 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string + type: object + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,238 +567,215 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: - BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: - Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: - Clones is the list of targets where this backup will - be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. - type: object - restoreOnceAvailable: - description: - Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: - Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will + be cloned to. + items: properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: type: string - veleroBackup: - nullable: true + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: - SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: - LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml index fea760de2..4b26371e1 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml index 06216bf10..92903f461 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert + secretName: webhook-server-cert \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml index ea50d0b3f..176a995d1 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-backupstoragelocation.yaml @@ -13,7 +13,7 @@ spec: bucket: cacert: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml index 722088a92..bdfd1f654 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-crds.yaml @@ -16,94 +16,86 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: - MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: - ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: - VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: - LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -129,661 +121,581 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command type: object + required: + - exec type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: + kind: + description: Kind is the type of resource being referenced type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: - BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: - BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: - BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: - CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: - CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: - Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: - FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: - FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: - Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: - ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: - TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable). - items: + name: + description: Name is the name of resource being referenced type: string - nullable: true - type: array - version: - description: - "Version is the backup format major version. Deprecated: - Please see FormatVersion" - type: integer - volumeSnapshotsAttempted: - description: - VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: - VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable). + items: + type: string + nullable: true + type: array + version: + description: 'Version is the backup format major version. Deprecated: + Please see FormatVersion' + type: integer + volumeSnapshotsAttempted: + description: VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -807,186 +719,165 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: - LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: - AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: - BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: - Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: - ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: - CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: - Prefix is the path inside a bucket to use for Velero - storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: - ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: - BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: - "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: - "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: - LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: - LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1012,67 +903,63 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: - Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1098,86 +985,80 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: - Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: - DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: - Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1203,205 +1084,189 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: - Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: - Node is the name of the node that the Pod is running - on. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running + on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. type: string - description: - Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: - Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: - SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: + type: string + description: Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1427,186 +1292,174 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: - SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1632,531 +1485,464 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: - BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: - ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: - Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: - RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + - name: v1 + schema: + openAPIV3Schema: + description: Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string type: object type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - postHooks: - description: - PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: - RestoreResourceHook defines a restore hook - for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: - Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: - ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: - WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: - InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - preserveNodePorts: - description: - PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: - RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: - RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: - ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: - ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: - CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: - Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: - FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: - Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: - ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: - TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: - RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: - RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: - RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: - StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2182,604 +1968,535 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: - Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: type: string - required: - - command - type: object - required: - - exec + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: - key is the label key that the selector + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: - A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + nullable: true + type: array + orderedResources: + additionalProperties: type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. type: string - type: array - type: object - useOwnerReferencesInBackup: - description: - UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: - LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + useOwnerReferencesInBackup: + description: UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2803,74 +2520,69 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: - Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: - ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2894,88 +2606,79 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: - VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: - VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] + storedVersions: [] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml index 573edbe24..5f8217b2a 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml index 49eecc8a7..0772314bf 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml index b8fd89588..e66d5127b 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml index 96b1ac2d8..d59f12d32 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: - - nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml index 28efb5959..5844f8044 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list +- apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml index 692c3c6dc..09a0f1b8d 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string + type: object + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,238 +567,215 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: - BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: - Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: - Clones is the list of targets where this backup will - be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. - type: object - restoreOnceAvailable: - description: - Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: - Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will + be cloned to. + items: properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: type: string - veleroBackup: - nullable: true + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: - SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: - LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml index fea760de2..4b26371e1 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml index 06216bf10..92903f461 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert + secretName: webhook-server-cert \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml index ea50d0b3f..176a995d1 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-backupstoragelocation.yaml @@ -13,7 +13,7 @@ spec: bucket: cacert: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml index 722088a92..bdfd1f654 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-crds.yaml @@ -16,94 +16,86 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: - MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: - ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: - VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: - LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -129,661 +121,581 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command type: object + required: + - exec type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: + kind: + description: Kind is the type of resource being referenced type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: - BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: - BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: - BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: - CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: - CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: - Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: - FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: - FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: - Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: - ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: - TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable). - items: + name: + description: Name is the name of resource being referenced type: string - nullable: true - type: array - version: - description: - "Version is the backup format major version. Deprecated: - Please see FormatVersion" - type: integer - volumeSnapshotsAttempted: - description: - VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: - VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable). + items: + type: string + nullable: true + type: array + version: + description: 'Version is the backup format major version. Deprecated: + Please see FormatVersion' + type: integer + volumeSnapshotsAttempted: + description: VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -807,186 +719,165 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: - LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: - AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: - BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: - Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: - ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: - CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: - Prefix is the path inside a bucket to use for Velero - storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: - ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: - BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: - "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: - "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: - LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: - LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1012,67 +903,63 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: - Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1098,86 +985,80 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: - Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: - DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: - Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1203,205 +1084,189 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: - Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: - Node is the name of the node that the Pod is running - on. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running + on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. type: string - description: - Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: - Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: - SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: + type: string + description: Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1427,186 +1292,174 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: - SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1632,531 +1485,464 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: - BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: - ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: - Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: - RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + - name: v1 + schema: + openAPIV3Schema: + description: Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string type: object type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - postHooks: - description: - PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: - RestoreResourceHook defines a restore hook - for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: - Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: - ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: - WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: - InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - preserveNodePorts: - description: - PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: - RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: - RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: - ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: - ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: - CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: - Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: - FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: - Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: - ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: - TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: - RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: - RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: - RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: - StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2182,604 +1968,535 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: - Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: type: string - required: - - command - type: object - required: - - exec + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: - key is the label key that the selector + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: - A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + nullable: true + type: array + orderedResources: + additionalProperties: type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. type: string - type: array - type: object - useOwnerReferencesInBackup: - description: - UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: - LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + useOwnerReferencesInBackup: + description: UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2803,74 +2520,69 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: - Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: - ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2894,88 +2606,79 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: - VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: - VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] + storedVersions: [] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml index 573edbe24..5f8217b2a 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml index 49eecc8a7..0772314bf 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml index b8fd89588..e66d5127b 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.1/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml index 96b1ac2d8..d59f12d32 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: - - nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml index 28efb5959..5844f8044 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list +- apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml index 692c3c6dc..09a0f1b8d 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string + type: object + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,238 +567,215 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: - BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: - Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: - Clones is the list of targets where this backup will - be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. - type: object - restoreOnceAvailable: - description: - Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: - Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will + be cloned to. + items: properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: type: string - veleroBackup: - nullable: true + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: - SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: - LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml index fea760de2..4b26371e1 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml index 06216bf10..92903f461 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert + secretName: webhook-server-cert \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml index ea50d0b3f..176a995d1 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-backupstoragelocation.yaml @@ -13,7 +13,7 @@ spec: bucket: cacert: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml index 722088a92..bdfd1f654 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-crds.yaml @@ -16,94 +16,86 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: - MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: - ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: - VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: - LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -129,661 +121,581 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command type: object + required: + - exec type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: + kind: + description: Kind is the type of resource being referenced type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: - BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: - BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: - BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: - CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: - CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: - Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: - FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: - FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: - Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: - ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: - TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable). - items: + name: + description: Name is the name of resource being referenced type: string - nullable: true - type: array - version: - description: - "Version is the backup format major version. Deprecated: - Please see FormatVersion" - type: integer - volumeSnapshotsAttempted: - description: - VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: - VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable). + items: + type: string + nullable: true + type: array + version: + description: 'Version is the backup format major version. Deprecated: + Please see FormatVersion' + type: integer + volumeSnapshotsAttempted: + description: VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -807,186 +719,165 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: - LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: - AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: - BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: - Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: - ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: - CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: - Prefix is the path inside a bucket to use for Velero - storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: - ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: - BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: - "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: - "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: - LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: - LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1012,67 +903,63 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: - Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1098,86 +985,80 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: - Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: - DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: - Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1203,205 +1084,189 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: - Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: - Node is the name of the node that the Pod is running - on. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running + on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. type: string - description: - Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: - Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: - SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: + type: string + description: Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1427,186 +1292,174 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: - SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1632,531 +1485,464 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: - BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: - ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: - Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: - RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + - name: v1 + schema: + openAPIV3Schema: + description: Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string type: object type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - postHooks: - description: - PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: - RestoreResourceHook defines a restore hook - for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: - Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: - ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: - WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: - InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - preserveNodePorts: - description: - PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: - RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: - RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: - ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: - ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: - CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: - Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: - FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: - Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: - ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: - TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: - RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: - RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: - RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: - StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2182,604 +1968,535 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: - Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: type: string - required: - - command - type: object - required: - - exec + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: - key is the label key that the selector + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: - A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + nullable: true + type: array + orderedResources: + additionalProperties: type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. type: string - type: array - type: object - useOwnerReferencesInBackup: - description: - UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: - LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + useOwnerReferencesInBackup: + description: UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2803,74 +2520,69 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: - Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: - ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2894,88 +2606,79 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: - VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: - VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] + storedVersions: [] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml index 573edbe24..5f8217b2a 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml index 49eecc8a7..0772314bf 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml index b8fd89588..e66d5127b 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.2/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml index 96b1ac2d8..d59f12d32 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager-metrics-service.yaml @@ -1,25 +1,25 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: application-mobility-controller-manager-metrics-service - namespace: -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: -metrics-reader -rules: - - nonResourceURLs: - - /metrics - verbs: - - get +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: application-mobility-controller-manager-metrics-service + namespace: +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml index 28efb5959..5844f8044 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list +- apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml index 692c3c6dc..09a0f1b8d 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string + type: object + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,238 +567,215 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: - BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: - Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: - Clones is the list of targets where this backup will - be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. - type: object - restoreOnceAvailable: - description: - Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: - Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will + be cloned to. + items: properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: type: string - veleroBackup: - nullable: true + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: - SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: - LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml index fea760de2..4b26371e1 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/app-mobility-webhook-service.yaml @@ -1,68 +1,68 @@ -apiVersion: v1 -kind: Service -metadata: - name: -webhook-service - namespace: -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 9443 - selector: - control-plane: controller-manager ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -mutating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: /-serving-cert - name: -validating-webhook-configuration -webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None +apiVersion: v1 +kind: Service +metadata: + name: -webhook-service + namespace: +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: controller-manager +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: /-serving-cert + name: -validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml index 06216bf10..92903f461 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert + secretName: webhook-server-cert \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml index 20231f870..c187685e6 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-backupstoragelocation.yaml @@ -12,7 +12,7 @@ spec: objectStorage: bucket: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml index 722088a92..bdfd1f654 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-crds.yaml @@ -16,94 +16,86 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: - MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: - ResticIdentifier is the full restic-compatible string - for identifying this repository. - type: string - volumeNamespace: - description: - VolumeNamespace is the namespace this backup repository - contains pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: - LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: ResticIdentifier is the full restic-compatible string + for identifying this repository. + type: string + volumeNamespace: + description: VolumeNamespace is the namespace this backup repository + contains pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -129,661 +121,581 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait for - CSI VolumeSnapshot status turns to ReadyToUse during creation, before - returning error as timeout. The default value is 10 minute. - type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic should - be used to take a backup of all pod volumes by default. \n Deprecated: - this field is no longer used and will be removed entirely in future. - Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", all - cluster-scoped resource types are excluded. The default value is - empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", all - namespace-scoped resource types are excluded. The default value - is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more BackupResourceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait for + CSI VolumeSnapshot status turns to ReadyToUse during creation, before + returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic should + be used to take a backup of all pod volumes by default. \n Deprecated: + this field is no longer used and will be removed entirely in future. + Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", all + cluster-scoped resource types are excluded. The default value is + empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", all + namespace-scoped resource types are excluded. The default value + is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more BackupResourceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks to + execute prior to storing the item in the backup. These + are executed before any "additional items" from item actions + are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + required: + - command type: object + required: + - exec type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", all + cluster-scoped resource types are included. The default value is + empty, which means only related cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value is + 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty or nil, all + objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks to - execute prior to storing the item in the backup. These - are executed before any "additional items" from item actions - are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", all - cluster-scoped resource types are included. The default value is - empty, which means only related cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value is - 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty or nil, all - objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of + them can be used. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of - them can be used. - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value is + a list of object names separated by commas. Each resource name has + format "namespace/objectname". For cluster resources, simply use + "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in + the core API group. For any other third-party types, APIGroup + is required. type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value is - a list of object names separated by commas. Each resource name has - format "namespace/objectname". For cluster resources, simply use - "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in - the core API group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots of - any PV's referenced in the set of objects included in the Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing how - long the Backup should be retained for. - type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: + kind: + description: Kind is the type of resource being referenced type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: - BackupItemOperationsAttempted is the total number of - attempted async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: - BackupItemOperationsCompleted is the total number of - successfully completed async BackupItemAction operations for this - backup. - type: integer - backupItemOperationsFailed: - description: - BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an - error. - type: integer - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: - CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: - CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: - Errors is a count of all error messages that were generated - during execution of the backup. The actual errors are in the backup's - log file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: - FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: - FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: - Progress contains information about the backup's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: - ItemsBackedUp is the number of items that have actually - been written to the backup tarball so far. - type: integer - totalItems: - description: - TotalItems is the total number of items to be backed - up. This number may change throughout the execution of the backup - due to plugins that return additional related items to back - up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable). - items: + name: + description: Name is the name of resource being referenced type: string - nullable: true - type: array - version: - description: - "Version is the backup format major version. Deprecated: - Please see FormatVersion" - type: integer - volumeSnapshotsAttempted: - description: - VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: - VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the backup. The actual warnings are - in the backup's log file in object storage. - type: integer - type: object - type: object - served: true - storage: true + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots of + any PV's referenced in the set of objects included in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing how + long the Backup should be retained for. + type: string + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: BackupItemOperationsAttempted is the total number of + attempted async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: BackupItemOperationsCompleted is the total number of + successfully completed async BackupItemAction operations for this + backup. + type: integer + backupItemOperationsFailed: + description: BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an + error. + type: integer + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: Errors is a count of all error messages that were generated + during execution of the backup. The actual errors are in the backup's + log file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: Progress contains information about the backup's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: ItemsBackedUp is the number of items that have actually + been written to the backup tarball so far. + type: integer + totalItems: + description: TotalItems is the total number of items to be backed + up. This number may change throughout the execution of the backup + due to plugins that return additional related items to back + up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable). + items: + type: string + nullable: true + type: array + version: + description: 'Version is the backup format major version. Deprecated: + Please see FormatVersion' + type: integer + volumeSnapshotsAttempted: + description: VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the backup. The actual warnings are + in the backup's log file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -807,186 +719,165 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: - LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: - AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: - BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - default: - description: - Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: - ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: - CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: - Prefix is the path inside a bucket to use for Velero - storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: - ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: - BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: - "AccessMode is an unused field. \n Deprecated: there - is now an AccessMode field on the Spec and this field will be removed - entirely as of v2.0." - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: - "LastSyncedRevision is the value of the `metadata/revision` - file in the backup storage location the last time the BSL's contents - were synced into the cluster. \n Deprecated: this field is no longer - updated or used for detecting changes to the location's contents - and will be removed entirely in v2.0." - type: string - lastSyncedTime: - description: - LastSyncedTime is the last time the contents of the location - were synced into the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: - LastValidationTime is the last time the backup store - location was validated the cluster. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + default: + description: Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: "AccessMode is an unused field. \n Deprecated: there + is now an AccessMode field on the Spec and this field will be removed + entirely as of v2.0." + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: "LastSyncedRevision is the value of the `metadata/revision` + file in the backup storage location the last time the BSL's contents + were synced into the cluster. \n Deprecated: this field is no longer + updated or used for detecting changes to the location's contents + and will be removed entirely in v2.0." + type: string + lastSyncedTime: + description: LastSyncedTime is the last time the contents of the location + were synced into the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: LastValidationTime is the last time the backup store + location was validated the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1012,67 +903,63 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: - Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1098,86 +985,80 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - DownloadRequest is a request to download an artifact from backup - object storage, such as a backup log file. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - type: string - name: - description: - Name is the name of the kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: - DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: - Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: DownloadRequest is a request to download an artifact from backup + object storage, such as a backup log file. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + type: string + name: + description: Name is the name of the kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1203,205 +1084,189 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: Backup repository identifier for this backup - jsonPath: .spec.repoIdentifier - name: Repository ID - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: - Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - node: - description: - Node is the name of the node that the Pod is running - on. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: Backup repository identifier for this backup + jsonPath: .spec.repoIdentifier + name: Repository ID + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running + on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. type: string - description: - Tags are a map of key-value pairs that should be applied - to the volume backup as tags. - type: object - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - backed up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. Completion time - is recorded before uploading the backup object. The server's time - is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: - Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the volume - and the current number of backed up bytes. This can be used to display - progress information about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: - SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: + type: string + description: Tags are a map of key-value pairs that should be applied + to the volume backup as tags. + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + backed up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. Completion time + is recorded before uploading the backup object. The server's time + is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the volume + and the current number of backed up bytes. This can be used to display + progress information about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1427,186 +1292,174 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: - BackupStorageLocation is the name of the backup storage - location where the backup repository is stored. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: - 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - namespace: - description: "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - type: string - resourceVersion: - description: - "Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency" - type: string - uid: - description: "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids" - type: string - type: object - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: - SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. The server's - time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: - Progress holds the total number of bytes of the snapshot - and the current number of restored bytes. This can be used to display - progress information about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage + location where the backup repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. The server's + time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: Progress holds the total number of bytes of the snapshot + and the current number of restored bytes. This can be used to display + progress information about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1632,531 +1485,464 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - Restore is a Velero resource that represents the application - of resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: - BackupName is the unique name of the Velero backup to - restore from. - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces that - are not included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that are - not included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: - ExistingResourcePolicy specifies the restore behavior - for the kubernetes resource to be restored - nullable: true - type: string - hooks: - description: - Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: - RestoreResourceHookSpec defines one or more RestoreResrouceHooks - that should be executed based on the rules defined for namespaces, - resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to - which this hook spec applies. If empty, it applies to - all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + - name: v1 + schema: + openAPIV3Schema: + description: Restore is a Velero resource that represents the application + of resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: BackupName is the unique name of the Velero backup to + restore from. + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that + are not included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are + not included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior + for the kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks + that should be executed based on the rules defined for namespaces, + resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to + which this hook spec applies. If empty, it applies to + all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: Container is the container in the + pod where the command should be executed. If + not specified, the pod's first container is + used. + type: string + execTimeout: + description: ExecTimeout defines the maximum amount + of time Velero should wait for the hook to complete + before considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitTimeout: + description: WaitTimeout defines the maximum amount + of time Velero should wait for the container + to be Ready before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string type: object type: object - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the restore. If + null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include + objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for RestoreItemAction operations The default value is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty or nil, + all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - postHooks: - description: - PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: - RestoreResourceHook defines a restore hook - for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: - Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in the - pod where the command should be executed. If - not specified, the pod's first container is - used. - type: string - execTimeout: - description: - ExecTimeout defines the maximum amount - of time Velero should wait for the hook to complete - before considering the execution a failure. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitTimeout: - description: - WaitTimeout defines the maximum amount - of time Velero should wait for the container - to be Ready before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: - InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the restore. If - null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names to include - objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for RestoreItemAction operations The default value is 1 hour. - type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty or nil, - all objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to + target namespace names to restore into. Any source namespaces not + included in the map will be restored into namespaces of the same + name. + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector to filter + with when restoring individual objects from the backup. If multiple + provided they will be joined by the OR operator. LabelSelector as + well as OrLabelSelectors cannot co-exist in restore request, only + one of them can be used + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If the + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. + array must be empty. This array is replaced during a + strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A single + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace names to - target namespace names to restore into. Any source namespaces not - included in the map will be restored into namespaces of the same - name. - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector to filter - with when restoring individual objects from the backup. If multiple - provided they will be joined by the OR operator. LabelSelector as - well as OrLabelSelectors cannot co-exist in restore request, only - one of them can be used - items: - description: - A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: - A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: - values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nullable: true - type: array - preserveNodePorts: - description: - PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - restorePVs: - description: - RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: - RestoreStatus specifies which resources we should restore - the status field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: - ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources to which - will restore the status. If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: - ScheduleName is the unique name of the Velero schedule - to restore from. If specified, and BackupName is empty, Velero will - restore from the most recent successful backup created from this - schedule. - type: string - required: - - backupName - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: - CompletionTimestamp records the time the restore operation - was completed. Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: - Errors is a count of all error messages that were generated - during execution of the restore. The actual errors are stored in - object storage. - type: integer - failureReason: - description: - FailureReason is an error that caused the entire restore - to fail. - type: string - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - type: string - progress: - description: - Progress contains information about the restore's execution - progress. Note that this information is best-effort only -- if Velero - fails to update it during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: - ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: - TotalItems is the total number of items to be restored. - This number may change throughout the execution of the restore - due to plugins that return additional related items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: - RestoreItemOperationsAttempted is the total number of - attempted async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: - RestoreItemOperationsCompleted is the total number of - successfully completed async RestoreItemAction operations for this - restore. - type: integer - restoreItemOperationsFailed: - description: - RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an - error. - type: integer - startTimestamp: - description: - StartTimestamp records the time the restore operation - was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: - type: string - nullable: true - type: array - warnings: - description: - Warnings is a count of all warning messages that were - generated during execution of the restore. The actual warnings are - stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + restorePVs: + description: RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: RestoreStatus specifies which resources we should restore + the status field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which + will not restore the status. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources to which + will restore the status. If empty, it applies to all resources. + items: + type: string + nullable: true + type: array + type: object + scheduleName: + description: ScheduleName is the unique name of the Velero schedule + to restore from. If specified, and BackupName is empty, Velero will + restore from the most recent successful backup created from this + schedule. + type: string + required: + - backupName + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: CompletionTimestamp records the time the restore operation + was completed. Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: Errors is a count of all error messages that were generated + during execution of the restore. The actual errors are stored in + object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore + to fail. + type: string + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + type: string + progress: + description: Progress contains information about the restore's execution + progress. Note that this information is best-effort only -- if Velero + fails to update it during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: TotalItems is the total number of items to be restored. + This number may change throughout the execution of the restore + due to plugins that return additional related items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: RestoreItemOperationsAttempted is the total number of + attempted async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: RestoreItemOperationsCompleted is the total number of + successfully completed async RestoreItemAction operations for this + restore. + type: integer + restoreItemOperationsFailed: + description: RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an + error. + type: integer + startTimestamp: + description: StartTimestamp records the time the restore operation + was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + nullable: true + type: array + warnings: + description: Warnings is a count of all warning messages that were + generated during execution of the restore. The actual warnings are + stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2182,604 +1968,535 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - Schedule is a Velero resource that represents a pre-scheduled - or periodic Backup that should be run. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is a Cron expression defining when to run the - Backup. - type: string - template: - description: - Template is the definition of the Backup to be run on - the provided schedule - properties: - csiSnapshotTimeout: - description: - CSISnapshotTimeout specifies the time used to wait - for CSI VolumeSnapshot status turns to ReadyToUse during creation, - before returning error as timeout. The default value is 10 minute. + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Schedule is a Velero resource that represents a pre-scheduled + or periodic Backup that should be run. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is a Cron expression defining when to run the + Backup. + type: string + template: + description: Template is the definition of the Backup to be run on + the provided schedule + properties: + csiSnapshotTimeout: + description: CSISnapshotTimeout specifies the time used to wait + for CSI VolumeSnapshot status turns to ReadyToUse during creation, + before returning error as timeout. The default value is 10 minute. + type: string + defaultVolumesToFsBackup: + description: DefaultVolumesToFsBackup specifies whether pod volume + file system backup should be used for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: "DefaultVolumesToRestic specifies whether restic + should be used to take a backup of all pod volumes by default. + \n Deprecated: this field is no longer used and will be removed + entirely in future. Use DefaultVolumesToFsBackup instead." + nullable: true + type: boolean + excludedClusterScopedResources: + description: ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. If set to "*", + all cluster-scoped resource types are excluded. The default + value is empty. + items: type: string - defaultVolumesToFsBackup: - description: - DefaultVolumesToFsBackup specifies whether pod volume - file system backup should be used for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: - "DefaultVolumesToRestic specifies whether restic - should be used to take a backup of all pod volumes by default. - \n Deprecated: this field is no longer used and will be removed - entirely in future. Use DefaultVolumesToFsBackup instead." - nullable: true - type: boolean - excludedClusterScopedResources: - description: - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. If set to "*", - all cluster-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. If set to "*", - all namespace-scoped resource types are excluded. The default - value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: - BackupResourceHookSpec defines one or more - BackupResourceHooks that should be executed based on the - rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces specifies the namespaces - to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources specifies the resources - to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: - values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - name: - description: Name is the name of this hook. + nullable: true + type: array + excludedNamespaceScopedResources: + description: ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. If set to "*", + all namespace-scoped resource types are excluded. The default + value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: BackupResourceHookSpec defines one or more + BackupResourceHooks that should be executed based on the + rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: type: string - post: - description: - PostHooks is a list of BackupResourceHooks - to execute after storing the item in the backup. These - are executed after all "additional items" from item - actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces specifies the namespaces + to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources specifies the resources + to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: type: string - required: - - command - type: object - required: - - exec + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. type: object - type: array - pre: - description: - PreHooks is a list of BackupResourceHooks - to execute prior to storing the item in the backup. - These are executed before any "additional items" from - item actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: - Container is the container in - the pod where the command should be executed. - If not specified, the pod's first container - is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail + type: object + name: + description: Name is the name of this hook. + type: string + post: + description: PostHooks is a list of BackupResourceHooks + to execute after storing the item in the backup. These + are executed after all "additional items" from item + actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the hook - to complete before considering the execution - a failure. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: PreHooks is a list of BackupResourceHooks + to execute prior to storing the item in the backup. + These are executed before any "additional items" from + item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. If set to "*", - all cluster-scoped resource types are included. The default - value is empty, which means only related cluster-scoped resources - are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. The default value - is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: - ItemOperationTimeout specifies the time used to wait - for asynchronous BackupItemAction operations The default value - is 1 hour. + minItems: 1 + type: array + container: + description: Container is the container in + the pod where the command should be executed. + If not specified, the pod's first container + is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the hook + to complete before considering the execution + a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. If set to "*", + all cluster-scoped resource types are included. The default + value is empty, which means only related cluster-scoped resources + are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. The default value + is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: type: string - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: ItemOperationTimeout specifies the time used to wait + for asynchronous BackupItemAction operations The default value + is 1 hour. + type: string + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: OrLabelSelectors is list of metav1.LabelSelector + to filter with when adding individual objects to the backup. + If multiple provided they will be joined by the OR operator. + LabelSelector as well as OrLabelSelectors cannot co-exist in + backup request, only one of them can be used. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: - A label selector requirement is a selector + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: - description: - key is the label key that the selector + description: key is the label key that the selector applies to. type: string operator: - description: - operator represents a key's relationship + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. items: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: - OrLabelSelectors is list of metav1.LabelSelector - to filter with when adding individual objects to the backup. - If multiple provided they will be joined by the OR operator. - LabelSelector as well as OrLabelSelectors cannot co-exist in - backup request, only one of them can be used. - items: - description: - A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: - matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - nullable: true - type: array - orderedResources: - additionalProperties: - type: string - description: - OrderedResources specifies the backup order of resources - of specific Kind. The map key is the resource name and value - is a list of object names separated by commas. Each resource - name has format "namespace/objectname". For cluster resources, - simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: - APIGroup is the group for the resource being - referenced. If APIGroup is not specified, the specified - Kind must be in the core API group. For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - snapshotVolumes: - description: - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included in the - Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: - TTL is a time.Duration-parseable string describing - how long the Backup should be retained for. + nullable: true + type: array + orderedResources: + additionalProperties: type: string - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: + description: OrderedResources specifies the backup order of resources + of specific Kind. The map key is the resource name and value + is a list of object names separated by commas. Each resource + name has format "namespace/objectname". For cluster resources, + simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: + description: APIGroup is the group for the resource being + referenced. If APIGroup is not specified, the specified + Kind must be in the core API group. For any other third-party + types, APIGroup is required. type: string - type: array - type: object - useOwnerReferencesInBackup: - description: - UseOwnerReferencesBackup specifies whether to use OwnerReferences - on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: - LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: - ValidationErrors is a slice of all validation errors - (if applicable) - items: + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + snapshotVolumes: + description: SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included in the + Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: TTL is a time.Duration-parseable string describing + how long the Backup should be retained for. type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + useOwnerReferencesInBackup: + description: UseOwnerReferencesBackup specifies whether to use OwnerReferences + on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a slice of all validation errors + (if applicable) + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2803,74 +2520,69 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - ServerStatusRequest is a request to access current status information - about the Velero server. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: - Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: - ProcessedTimestamp is when the ServerStatusRequest was - processed by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: ServerStatusRequest is a request to access current status information + about the Velero server. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: ProcessedTimestamp is when the ServerStatusRequest was + processed by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2894,88 +2606,79 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: - "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: - VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: - VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] + storedVersions: [] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml index 573edbe24..5f8217b2a 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml index 49eecc8a7..0772314bf 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml index b8fd89588..e66d5127b 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.3/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml index 96b1ac2d8..70dbd21c2 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml @@ -7,10 +7,10 @@ metadata: namespace: spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager --- @@ -19,7 +19,7 @@ kind: ClusterRole metadata: name: -metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml index 28efb5959..5844f8044 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml @@ -19,73 +19,73 @@ spec: csm: spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - - --app-mobility-namespace= - - --secret-name= - - --velero-namespace= - command: - - /manager - image: - imagePullPolicy: - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 256Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + - --app-mobility-namespace= + - --secret-name= + - --velero-namespace= + command: + - /manager + image: + imagePullPolicy: + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: -controller-manager terminationGracePeriodSeconds: 10 volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert --- apiVersion: v1 kind: ServiceAccount metadata: name: -controller-manager - namespace: + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -93,390 +93,390 @@ metadata: creationTimestamp: null name: -manager-role rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - apiGroups: - - mobility.storage.dell.com - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - backups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumebackups/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - podvolumerestores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - restores/status - verbs: - - get - - patch - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/finalizers - verbs: - - update - - apiGroups: - - mobility.storage.dell.com - resources: - - clusterconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotclasses - verbs: - - get - - list - - apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - apiGroups: - - velero.io - resources: - - backups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backups/status - verbs: - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - backups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - backupstoragelocations - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - deletebackuprequests - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - podvolumebackups/finalizers - verbs: - - update - - apiGroups: - - velero.io - resources: - - podvolumebackups/status - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - velero.io - resources: - - podvolumerestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - backuprepositories - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - velero.io - resources: - - restores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - volumegroup.storage.dell.com - resources: - - dellcsivolumegroupsnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - mobility.storage.dell.com - resources: - - schedules/status - verbs: - - get - - patch - - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - mobility.storage.dell.com + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - backups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumebackups/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - podvolumerestores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - restores/status + verbs: + - get + - patch + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/finalizers + verbs: + - update +- apiGroups: + - mobility.storage.dell.com + resources: + - clusterconfigs/status + verbs: + - get + - patch + - update +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list +- apiGroups: + - velero.io + resources: + - backups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backups/status + verbs: + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - backups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - backupstoragelocations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - deletebackuprequests + verbs: + - create + - delete + - get + - list + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - podvolumebackups/finalizers + verbs: + - update +- apiGroups: + - velero.io + resources: + - podvolumebackups/status + verbs: + - create + - get + - list + - patch + - update +- apiGroups: + - velero.io + resources: + - podvolumerestores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - backuprepositories + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - velero.io + resources: + - restores + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - volumegroup.storage.dell.com + resources: + - dellcsivolumegroupsnapshots + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - mobility.storage.dell.com + resources: + - schedules/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -484,37 +484,37 @@ metadata: name: -leader-election-role namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -525,37 +525,37 @@ roleRef: kind: ClusterRole name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: creationTimestamp: null name: -manager-role - namespace: + namespace: rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -567,27 +567,27 @@ roleRef: kind: Role name: -leader-election-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: -proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -598,9 +598,9 @@ roleRef: kind: ClusterRole name: -proxy-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: --- apiVersion: v1 data: @@ -620,6 +620,6 @@ roleRef: kind: Role name: -manager-role subjects: - - kind: ServiceAccount - name: -controller-manager - namespace: +- kind: ServiceAccount + name: -controller-manager + namespace: \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml index 692c3c6dc..09a0f1b8d 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-crds.yaml @@ -18,7 +18,7 @@ spec: namespace: path: /convert conversionReviewVersions: - - v1 + - v1 group: mobility.storage.dell.com names: kind: Backup @@ -27,172 +27,172 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Backup is the Schema for the backups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: BackupSpec defines the desired state of Backup - properties: - backupLocation: - description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: Clones is the list of targets where this backup will be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restoreOnceAvailable: - description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: Optionally, specify the targetCluster to restore the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. - nullable: true + - name: v1 + schema: + openAPIV3Schema: + description: Backup is the Schema for the backups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of Backup + properties: + backupLocation: + description: Velero Storage location where k8s resources and application data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will be cloned to. + items: properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to be restored to TargetCluster once available. Default value is false. Setting this to true causes the backup to be restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period - type: string - veleroBackup: - nullable: true - type: string - type: object - status: - description: BackupStatus defines the observed state of Backup - properties: - clones: - items: - properties: - clusterUID: - description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster - nullable: true - type: string - phase: - description: Phase of the restore - type: string - restoreName: - description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. - nullable: true - type: string - restoreOnceAvailable: - description: RestoreOnceAvailable - nullable: true - type: boolean - targetCluster: - description: TargetCluster to which the backup will be restored - nullable: true - type: string + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces that are not included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the backup. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter with when adding individual objects to the backup. If empty or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - type: array - completionTimestamp: - description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the Backup. - type: string - startTimestamp: - description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of Backup + properties: + clones: + items: + properties: + clusterUID: + description: ClusterID is the identifier with which cluster was registered - should be the kube-system uid of the targetCLuster + nullable: true + type: string + phase: + description: Phase of the restore + type: string + restoreName: + description: RestoreName is the name of the restore object that will restore the backup. This may or may not be used. + nullable: true + type: string + restoreOnceAvailable: + description: RestoreOnceAvailable + nullable: true + type: boolean + targetCluster: + description: TargetCluster to which the backup will be restored + nullable: true + type: string + type: object + type: array + completionTimestamp: + description: CompletionTimestamp records the time a backup was completed. Completion time is recorded even on failed backups. Completion time is recorded before uploading the backup object. The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the Backup. + type: string + startTimestamp: + description: StartTimestamp records the time a backup was started. The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -218,47 +218,47 @@ spec: singular: clusterconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ClusterConfig is the Schema for the clusterconfigs API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ClusterConfigSpec defines the desired state of ClusterConfig - properties: - clusterName: - description: ClusterName is the name with which the cluster is being registered. - type: string - kubeConfig: - description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. - nullable: true - type: string - secretRef: - description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. - nullable: true - type: string - required: - - clusterName - type: object - status: - description: ClusterConfigStatus defines the observed state of ClusterConfig - properties: - phase: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: ClusterConfig is the Schema for the clusterconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterConfigSpec defines the desired state of ClusterConfig + properties: + clusterName: + description: ClusterName is the name with which the cluster is being registered. + type: string + kubeConfig: + description: KubeConfig contains the kubeConfig that can be used to connect to the cluster being registered.Either this or SecretRef should be specified. + nullable: true + type: string + secretRef: + description: SecretRef is the name of the secret containing kubeConfig to connect to the cluster. Either this or KubeConfig should be specified. + nullable: true + type: string + required: + - clusterName + type: object + status: + description: ClusterConfigStatus defines the observed state of ClusterConfig + properties: + phase: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -284,76 +284,76 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeBackup is the Schema for the podvolumebackups API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup - properties: - backupFromSourceVolume: - description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot - type: boolean - backupStorageLocation: - description: BackupStorage location to backup to - nullable: true - type: string - namespace: - description: Namespace the original pvc and snapshot reside in - nullable: true - type: string - pod: - description: Pod is the name of the pod using the volume to be backed up. - type: string - repoIdentifier: - description: Identifier of the restic repository where this snapshot will be backed up to - type: string - snapshotName: - description: SnapshotName is the name of the snapshot from which to backup - type: string - sourcePVCName: - description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up - type: string - veleroPodVolumeBackup: - description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup - nullable: true - type: string - volume: - description: Volume is the name of the volume within the Pod to be backed up. - type: string - required: - - backupFromSourceVolume - - pod - - snapshotName - - sourcePVCName - - volume - type: object - status: - description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup - properties: - phase: - description: Phase is the current state of the Dell PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeBackup is the Schema for the podvolumebackups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec defines the desired state of PodVolumeBackup + properties: + backupFromSourceVolume: + description: BackupFromSourceVolume is the bool that indicates whether to backup from source volume instead of its snapshot + type: boolean + backupStorageLocation: + description: BackupStorage location to backup to + nullable: true + type: string + namespace: + description: Namespace the original pvc and snapshot reside in + nullable: true + type: string + pod: + description: Pod is the name of the pod using the volume to be backed up. + type: string + repoIdentifier: + description: Identifier of the restic repository where this snapshot will be backed up to + type: string + snapshotName: + description: SnapshotName is the name of the snapshot from which to backup + type: string + sourcePVCName: + description: SourcePVCName is the name of the pvc used to provision the volume which is to be backed up + type: string + veleroPodVolumeBackup: + description: Corresponding velero PodVolumeBackup for this dell PodVolumeBackup + nullable: true + type: string + volume: + description: Volume is the name of the volume within the Pod to be backed up. + type: string + required: + - backupFromSourceVolume + - pod + - snapshotName + - sourcePVCName + - volume + type: object + status: + description: PodVolumeBackupStatus defines the observed state of PodVolumeBackup + properties: + phase: + description: Phase is the current state of the Dell PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -379,65 +379,65 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodVolumeRestore is the Schema for the podvolumerestores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore - properties: - backupStorageLocation: - description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. - type: string - namespace: - description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. - type: string - newNamespace: - description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach - type: string - podName: - description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach - type: string - pvcName: - description: PVCName is the name of the pvc to which data is to be restored - type: string - repoIdentifier: - description: RepoIdentifier is the restic repository identifier. - type: string - resticSnapshotId: - description: ResticSnapshotID is the snapshotID from which data is to be restored - type: string - veleroRestore: - description: Velero restore associated with this pod volume restore; used only for init-container approach - type: string - volumeName: - description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach - type: string - required: - - backupStorageLocation - - repoIdentifier - type: object - status: - description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore - properties: - phase: - description: Phase is the current state of the PodVolumeRestore. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: PodVolumeRestore is the Schema for the podvolumerestores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec defines the desired state of PodVolumeRestore + properties: + backupStorageLocation: + description: BackupStorageLocation is the name of the backup storage location where the restic repository is stored. + type: string + namespace: + description: Should this come from PodVolumeRestore's namespace? Namespace is the namespace the pvc. + type: string + newNamespace: + description: NewNamespace is the namespace that the pod and pvc are being restored to; used only for init-container approach + type: string + podName: + description: PodName is the name of the pod that uses the volume to which data is to be restored; used only for init-container approach + type: string + pvcName: + description: PVCName is the name of the pvc to which data is to be restored + type: string + repoIdentifier: + description: RepoIdentifier is the restic repository identifier. + type: string + resticSnapshotId: + description: ResticSnapshotID is the snapshotID from which data is to be restored + type: string + veleroRestore: + description: Velero restore associated with this pod volume restore; used only for init-container approach + type: string + volumeName: + description: VolumeName is the name of the volume to which data is to be restored; used only for init-container approach + type: string + required: + - backupStorageLocation + - repoIdentifier + type: object + status: + description: PodVolumeRestoreStatus defines the observed state of PodVolumeRestore + properties: + phase: + description: Phase is the current state of the PodVolumeRestore. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -463,85 +463,85 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: Restore is the Schema for the restores API - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the desired state of Restore - properties: - backupName: - description: BackupName is the name of the backup to restore from - type: string - excludedNamespaces: - description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored - items: - type: string - nullable: true - type: array - excludedResources: - description: ExcludedResources is a slice of resource names that are not included in the restore. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. - nullable: true - type: boolean - includedNamespaces: - description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - namespaceMapping: - additionalProperties: - type: string - description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. - type: object - restorePVs: - description: RestorePVs specifies whether to restore all included PVs - nullable: true - type: boolean - type: object - status: - description: RestoreStatus defines the observed state of Restore - properties: - phase: - description: Phase is the current state of the Restore - type: string - podVolumeRestores: - description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore - items: - type: string - nullable: true - type: array - veleroRestore: - description: VeleroRestore is the name of the velero restore created for this Dell restore - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: Restore is the Schema for the restores API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the desired state of Restore + properties: + backupName: + description: BackupName is the name of the backup to restore from + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces in the backup from which resources should not be restored + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that are not included in the restore. + items: + type: string + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped resources should be included for consideration in the restore. If null, defaults to true. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names in the backup to retore objects from If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to include in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + namespaceMapping: + additionalProperties: + type: string + description: NamespaceMapping is a map of source namespace names to target namespace names to restore into. Any source namespaces not included in the map will be restored into namespaces of the same name. + type: object + restorePVs: + description: RestorePVs specifies whether to restore all included PVs + nullable: true + type: boolean + type: object + status: + description: RestoreStatus defines the observed state of Restore + properties: + phase: + description: Phase is the current state of the Restore + type: string + podVolumeRestores: + description: PodVolumeRestores is the slice of podVolumeRestore names created for this Dell restore + items: + type: string + nullable: true + type: array + veleroRestore: + description: VeleroRestore is the name of the velero restore created for this Dell restore + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -567,238 +567,215 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Status - type: string - - jsonPath: .spec.paused - name: Paused - type: boolean - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .status.lastBackupTime - name: lastBackupTime - type: date - name: v1 - schema: - openAPIV3Schema: - description: Schedule is the Schema for the schedules API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the desired state of Schedule - properties: - backupSpec: - description: - BackupSpec is the spec of the Backup to be created on - the specified Schedule. - properties: - backupLocation: - description: - Velero Storage location where k8s resources and application - data will be backed up to. Default value is "default" - nullable: true - type: string - clones: - description: - Clones is the list of targets where this backup will - be cloned to. - items: - properties: - namespaceMapping: - additionalProperties: - type: string - description: - NamespaceMapping is a map of source namespace - names to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. - type: object - restoreOnceAvailable: - description: - Optionally, specify whether the backup is to - be restored to TargetCluster once available. Default value - is false. Setting this to true causes the backup to be - restored as soon as it is available. - nullable: true - type: boolean - targetCluster: - description: - Optionally, specify the targetCluster to restore - the backup to. - nullable: true - type: string - type: object - nullable: true - type: array - datamover: - description: Default datamover is Restic - nullable: true - type: string - excludedNamespaces: - description: - ExcludedNamespaces contains a list of namespaces - that are not included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources is a slice of resource names that - are not included in the backup. - items: - type: string - nullable: true - type: array - includeClusterResources: - description: - IncludeClusterResources specifies whether cluster-scoped - resources should be included for consideration in the backup. - nullable: true - type: boolean - includedNamespaces: - description: - IncludedNamespaces is a slice of namespace names - to include objects from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: - IncludedResources is a slice of resource names to - include in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector is a metav1.LabelSelector to filter - with when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + - additionalPrinterColumns: + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .spec.paused + name: Paused + type: boolean + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .status.lastBackupTime + name: lastBackupTime + type: date + name: v1 + schema: + openAPIV3Schema: + description: Schedule is the Schema for the schedules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the desired state of Schedule + properties: + backupSpec: + description: BackupSpec is the spec of the Backup to be created on + the specified Schedule. + properties: + backupLocation: + description: Velero Storage location where k8s resources and application + data will be backed up to. Default value is "default" + nullable: true + type: string + clones: + description: Clones is the list of targets where this backup will + be cloned to. + items: properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: - A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: - operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: - values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: + namespaceMapping: additionalProperties: type: string - description: - matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: NamespaceMapping is a map of source namespace + names to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. type: object + restoreOnceAvailable: + description: Optionally, specify whether the backup is to + be restored to TargetCluster once available. Default value + is false. Setting this to true causes the backup to be + restored as soon as it is available. + nullable: true + type: boolean + targetCluster: + description: Optionally, specify the targetCluster to restore + the backup to. + nullable: true + type: string type: object - podVolumeBackups: - items: - type: string - nullable: true - type: array - ttl: - description: TTL the Dell Backup retention period + nullable: true + type: array + datamover: + description: Default datamover is Restic + nullable: true + type: string + excludedNamespaces: + description: ExcludedNamespaces contains a list of namespaces + that are not included in the backup. + items: type: string - veleroBackup: - nullable: true + nullable: true + type: array + excludedResources: + description: ExcludedResources is a slice of resource names that + are not included in the backup. + items: type: string - type: object - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: - Schedule is the cron expression representing when to - create the Backup. - type: string - setOwnerReferencesInBackup: - description: - SetOwnerReferencesInBackup specifies whether to set OwnerReferences - on Backups created by this Schedule. - nullable: true - type: boolean - required: - - backupSpec - - schedule - type: object - status: - description: ScheduleStatus defines the observed state of Schedule - properties: - lastBackupTime: - description: - LastBackupTime is the last time when a backup was created - successfully from this schedule. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the schdule. - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: ValidationErrors is a list of validation errors, if any - items: + nullable: true + type: array + includeClusterResources: + description: IncludeClusterResources specifies whether cluster-scoped + resources should be included for consideration in the backup. + nullable: true + type: boolean + includedNamespaces: + description: IncludedNamespaces is a slice of namespace names + to include objects from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: IncludedResources is a slice of resource names to + include in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector is a metav1.LabelSelector to filter + with when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + podVolumeBackups: + items: + type: string + nullable: true + type: array + ttl: + description: TTL the Dell Backup retention period + type: string + veleroBackup: + nullable: true type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: Schedule is the cron expression representing when to + create the Backup. + type: string + setOwnerReferencesInBackup: + description: SetOwnerReferencesInBackup specifies whether to set OwnerReferences + on Backups created by this Schedule. + nullable: true + type: boolean + required: + - backupSpec + - schedule + type: object + status: + description: ScheduleStatus defines the observed state of Schedule + properties: + lastBackupTime: + description: LastBackupTime is the last time when a backup was created + successfully from this schedule. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the schdule. + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: ValidationErrors is a list of validation errors, if any + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml index fea760de2..47a420155 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml @@ -5,9 +5,9 @@ metadata: namespace: spec: ports: - - port: 443 - protocol: TCP - targetPort: 9443 + - port: 443 + protocol: TCP + targetPort: 9443 selector: control-plane: controller-manager --- @@ -18,26 +18,26 @@ metadata: cert-manager.io/inject-ca-from: /-serving-cert name: -mutating-webhook-configuration webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /mutate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: mbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /mutate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: mbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -46,23 +46,23 @@ metadata: cert-manager.io/inject-ca-from: /-serving-cert name: -validating-webhook-configuration webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -webhook-service - namespace: - path: /validate-mobility-storage-dell-com-v1-backup - failurePolicy: Fail - name: vbackup.mobility.storage.dell.com - rules: - - apiGroups: - - mobility.storage.dell.com - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - backups - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -webhook-service + namespace: + path: /validate-mobility-storage-dell-com-v1-backup + failurePolicy: Fail + name: vbackup.mobility.storage.dell.com + rules: + - apiGroups: + - mobility.storage.dell.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - backups + sideEffects: None \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml index 06216bf10..92903f461 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/certificate.yaml @@ -13,9 +13,9 @@ metadata: namespace: spec: dnsNames: - - -webhook-service..svc - - -webhook-service..svc.cluster.local + - -webhook-service..svc + - -webhook-service..svc.cluster.local issuerRef: kind: Issuer name: -selfsigned-issuer - secretName: webhook-server-cert + secretName: webhook-server-cert \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml index 20231f870..c187685e6 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-backupstoragelocation.yaml @@ -12,7 +12,7 @@ spec: objectStorage: bucket: default: true - config: - region: - s3ForcePathStyle: true - s3Url: + config: + region: + s3ForcePathStyle: true + s3Url: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml index 4492bef26..78325b3de 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-crds.yaml @@ -16,97 +16,94 @@ spec: singular: backuprepository scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.repositoryType - name: Repository Type - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BackupRepositorySpec is the specification for a BackupRepository. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the BackupStorageLocation - that should contain this repository. - type: string - maintenanceFrequency: - description: - MaintenanceFrequency is how often maintenance should - be run. - type: string - repositoryType: - description: RepositoryType indicates the type of the backend repository - enum: - - kopia - - restic - - "" - type: string - resticIdentifier: - description: |- - ResticIdentifier is the full restic-compatible string for identifying - this repository. - type: string - volumeNamespace: - description: |- - VolumeNamespace is the namespace this backup repository contains - pod volume backups for. - type: string - required: - - backupStorageLocation - - maintenanceFrequency - - resticIdentifier - - volumeNamespace - type: object - status: - description: BackupRepositoryStatus is the current status of a BackupRepository. - properties: - lastMaintenanceTime: - description: - LastMaintenanceTime is the last time maintenance was - run. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the current status of the - BackupRepository. - type: string - phase: - description: Phase is the current state of the BackupRepository. - enum: - - New - - Ready - - NotReady - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.repositoryType + name: Repository Type + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupRepositorySpec is the specification for a BackupRepository. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the BackupStorageLocation + that should contain this repository. + type: string + maintenanceFrequency: + description: MaintenanceFrequency is how often maintenance should + be run. + type: string + repositoryType: + description: RepositoryType indicates the type of the backend repository + enum: + - kopia + - restic + - "" + type: string + resticIdentifier: + description: |- + ResticIdentifier is the full restic-compatible string for identifying + this repository. + type: string + volumeNamespace: + description: |- + VolumeNamespace is the namespace this backup repository contains + pod volume backups for. + type: string + required: + - backupStorageLocation + - maintenanceFrequency + - resticIdentifier + - volumeNamespace + type: object + status: + description: BackupRepositoryStatus is the current status of a BackupRepository. + properties: + lastMaintenanceTime: + description: LastMaintenanceTime is the last time maintenance was + run. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the current status of the + BackupRepository. + type: string + phase: + description: Phase is the current state of the BackupRepository. + enum: + - New + - Ready + - NotReady + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -132,344 +129,393 @@ spec: singular: backup scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Backup is a Velero resource that represents the capture of Kubernetes - cluster state at a point in time (API objects and associated volume state). - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BackupSpec defines the specification for a Velero backup. - properties: - csiSnapshotTimeout: - description: |- - CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to - ReadyToUse during creation, before returning error as timeout. - The default value is 10 minute. - type: string - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - defaultVolumesToFsBackup: - description: |- - DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used - for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: |- - DefaultVolumesToRestic specifies whether restic should be used to take a - backup of all pod volumes by default. + - name: v1 + schema: + openAPIV3Schema: + description: |- + Backup is a Velero resource that represents the capture of Kubernetes + cluster state at a point in time (API objects and associated volume state). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupSpec defines the specification for a Velero backup. + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. - Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. - nullable: true - type: boolean - excludedClusterScopedResources: - description: |- - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. - If set to "*", all cluster-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: |- - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. - If set to "*", all namespace-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: |- - ExcludedNamespaces contains a list of namespaces that are not - included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: |- - ExcludedResources is a slice of resource names that are not - included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: |- - BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on - the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources specifies the resources to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command type: object + required: + - exec type: object - x-kubernetes-map-type: atomic - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: + type: string + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - post: - description: |- - PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. - These are executed after all "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - pre: - description: |- - PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. - These are executed before any "additional items" from item actions are processed. - items: - description: BackupResourceHook defines a hook for a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: |- - IncludeClusterResources specifies whether cluster-scoped resources - should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: |- - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. - If set to "*", all cluster-scoped resource types are included. - The default value is empty, which means only related - cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: |- - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. - The default value is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces is a slice of namespace names to include objects - from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: |- - ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations - The default value is 4 hour. - type: string - labelSelector: - description: |- - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- @@ -477,8 +523,7 @@ spec: relates the key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: @@ -496,8 +541,8 @@ spec: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: @@ -510,296 +555,224 @@ spec: type: object type: object x-kubernetes-map-type: atomic - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: |- - OrLabelSelectors is list of metav1.LabelSelector to filter with - when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of them - can be used. - items: + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource policies + that backup should follow + properties: + apiGroup: description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nullable: true - type: array - orderedResources: - additionalProperties: + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string - description: |- - OrderedResources specifies the backup order of resources of specific Kind. - The map key is the resource name and value is a list of object names separated by commas. - Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource policies - that backup should follow - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - snapshotMoveData: - description: - SnapshotMoveData specifies whether snapshot data should - be moved - nullable: true - type: boolean - snapshotVolumes: - description: |- - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included - in the Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of a - BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: |- - TTL is a time.Duration-parseable string describing how long - the Backup should be retained for. - type: string - uploaderConfig: - description: UploaderConfig specifies the configuration for the uploader. - nullable: true - properties: - parallelFilesUpload: - description: - ParallelFilesUpload is the number of files parallel - uploads to perform when using the uploader. - type: integer - type: object - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names of - VolumeSnapshotLocations associated with this backup. - items: + kind: + description: Kind is the type of resource being referenced type: string - type: array - type: object - status: - description: BackupStatus captures the current status of a Velero backup. - properties: - backupItemOperationsAttempted: - description: |- - BackupItemOperationsAttempted is the total number of attempted - async BackupItemAction operations for this backup. - type: integer - backupItemOperationsCompleted: - description: |- - BackupItemOperationsCompleted is the total number of successfully completed - async BackupItemAction operations for this backup. - type: integer - backupItemOperationsFailed: - description: |- - BackupItemOperationsFailed is the total number of async - BackupItemAction operations for this backup which ended with an error. - type: integer - completionTimestamp: - description: |- - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. - Completion time is recorded before uploading the backup object. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - csiVolumeSnapshotsAttempted: - description: |- - CSIVolumeSnapshotsAttempted is the total number of attempted - CSI VolumeSnapshots for this backup. - type: integer - csiVolumeSnapshotsCompleted: - description: |- - CSIVolumeSnapshotsCompleted is the total number of successfully - completed CSI VolumeSnapshots for this backup. - type: integer - errors: - description: |- - Errors is a count of all error messages that were generated during - execution of the backup. The actual errors are in the backup's log - file in object storage. - type: integer - expiration: - description: Expiration is when this Backup is eligible for garbage-collection. - format: date-time - nullable: true - type: string - failureReason: - description: - FailureReason is an error that caused the entire backup - to fail. - type: string - formatVersion: - description: - FormatVersion is the backup format version, including - major, minor, and patch version. - type: string - hookStatus: - description: - HookStatus contains information about the status of the - hooks. - nullable: true - properties: - hooksAttempted: - description: |- - HooksAttempted is the total number of attempted hooks - Specifically, HooksAttempted represents the number of hooks that failed to execute - and the number of hooks that executed successfully. - type: integer - hooksFailed: - description: - HooksFailed is the total number of hooks which ended - with an error - type: integer - type: object - phase: - description: Phase is the current state of the Backup. - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Finalizing - - FinalizingPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Deleting - type: string - progress: - description: |- - Progress contains information about the backup's execution progress. Note - that this information is best-effort only -- if Velero fails to update it - during a backup for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsBackedUp: - description: |- - ItemsBackedUp is the number of items that have actually been written to the - backup tarball so far. - type: integer - totalItems: - description: |- - TotalItems is the total number of items to be backed up. This number may change - throughout the execution of the backup due to plugins that return additional related - items to back up, the velero.io/exclude-from-backup label, and various other - filters that happen as items are processed. - type: integer - type: object - startTimestamp: - description: |- - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes - on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable). - items: + name: + description: Name is the name of resource being referenced type: string - nullable: true - type: array - version: - description: |- - Version is the backup format major version. - Deprecated: Please see FormatVersion - type: integer - volumeSnapshotsAttempted: - description: |- - VolumeSnapshotsAttempted is the total number of attempted - volume snapshots for this backup. - type: integer - volumeSnapshotsCompleted: - description: |- - VolumeSnapshotsCompleted is the total number of successfully - completed volume snapshots for this backup. - type: integer - warnings: - description: |- - Warnings is a count of all warning messages that were generated during - execution of the backup. The actual warnings are in the backup's log - file in object storage. - type: integer - type: object - type: object - served: true - storage: true + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data should + be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of a + BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel + uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names of + VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + status: + description: BackupStatus captures the current status of a Velero backup. + properties: + backupItemOperationsAttempted: + description: |- + BackupItemOperationsAttempted is the total number of attempted + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsCompleted: + description: |- + BackupItemOperationsCompleted is the total number of successfully completed + async BackupItemAction operations for this backup. + type: integer + backupItemOperationsFailed: + description: |- + BackupItemOperationsFailed is the total number of async + BackupItemAction operations for this backup which ended with an error. + type: integer + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + csiVolumeSnapshotsAttempted: + description: |- + CSIVolumeSnapshotsAttempted is the total number of attempted + CSI VolumeSnapshots for this backup. + type: integer + csiVolumeSnapshotsCompleted: + description: |- + CSIVolumeSnapshotsCompleted is the total number of successfully + completed CSI VolumeSnapshots for this backup. + type: integer + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the backup. The actual errors are in the backup's log + file in object storage. + type: integer + expiration: + description: Expiration is when this Backup is eligible for garbage-collection. + format: date-time + nullable: true + type: string + failureReason: + description: FailureReason is an error that caused the entire backup + to fail. + type: string + formatVersion: + description: FormatVersion is the backup format version, including + major, minor, and patch version. + type: string + hookStatus: + description: HookStatus contains information about the status of the + hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: HooksFailed is the total number of hooks which ended + with an error + type: integer + type: object + phase: + description: Phase is the current state of the Backup. + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Finalizing + - FinalizingPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Deleting + type: string + progress: + description: |- + Progress contains information about the backup's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a backup for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsBackedUp: + description: |- + ItemsBackedUp is the number of items that have actually been written to the + backup tarball so far. + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be backed up. This number may change + throughout the execution of the backup due to plugins that return additional related + items to back up, the velero.io/exclude-from-backup label, and various other + filters that happen as items are processed. + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable). + items: + type: string + nullable: true + type: array + version: + description: |- + Version is the backup format major version. + Deprecated: Please see FormatVersion + type: integer + volumeSnapshotsAttempted: + description: |- + VolumeSnapshotsAttempted is the total number of attempted + volume snapshots for this backup. + type: integer + volumeSnapshotsCompleted: + description: |- + VolumeSnapshotsCompleted is the total number of successfully + completed volume snapshots for this backup. + type: integer + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the backup. The actual warnings are in the backup's log + file in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -823,194 +796,180 @@ spec: listKind: BackupStorageLocationList plural: backupstoragelocations shortNames: - - bsl + - bsl singular: backupstoragelocation scope: Namespaced versions: - - additionalPrinterColumns: - - description: Backup Storage Location status such as Available/Unavailable - jsonPath: .status.phase - name: Phase - type: string - - description: - LastValidationTime is the last time the backup store location was - validated - jsonPath: .status.lastValidationTime - name: Last Validated - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Default backup storage location - jsonPath: .spec.default - name: Default - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: - BackupStorageLocation is a location where Velero stores backup - objects - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - BackupStorageLocationSpec defines the desired state of a - Velero BackupStorageLocation - properties: - accessMode: - description: - AccessMode defines the permissions for the backup storage - location. - enum: - - ReadOnly - - ReadWrite - type: string - backupSyncPeriod: - description: - BackupSyncPeriod defines how frequently to sync backup - API objects from object storage. A value of 0 disables sync. - nullable: true - type: string - config: - additionalProperties: + - additionalPrinterColumns: + - description: Backup Storage Location status such as Available/Unavailable + jsonPath: .status.phase + name: Phase + type: string + - description: LastValidationTime is the last time the backup store location was + validated + jsonPath: .status.lastValidationTime + name: Last Validated + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Default backup storage location + jsonPath: .spec.default + name: Default + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: BackupStorageLocation is a location where Velero stores backup + objects + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BackupStorageLocationSpec defines the desired state of a + Velero BackupStorageLocation + properties: + accessMode: + description: AccessMode defines the permissions for the backup storage + location. + enum: + - ReadOnly + - ReadWrite + type: string + backupSyncPeriod: + description: BackupSyncPeriod defines how frequently to sync backup + API objects from object storage. A value of 0 disables sync. + nullable: true + type: string + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - default: - description: - Default indicates this location is the default backup - storage location. - type: boolean - objectStorage: - description: - ObjectStorageLocation specifies the settings necessary - to connect to a provider's object storage. - properties: - bucket: - description: Bucket is the bucket to use for object storage. - type: string - caCert: - description: - CACert defines a CA bundle to use when verifying - TLS connections to the provider. - format: byte - type: string - prefix: - description: - Prefix is the path inside a bucket to use for Velero - storage. Optional. - type: string - required: - - bucket - type: object - provider: - description: Provider is the provider of the backup storage. - type: string - validationFrequency: - description: - ValidationFrequency defines how frequently to validate - the corresponding object storage. A value of 0 disables validation. - nullable: true - type: string - required: - - objectStorage - - provider - type: object - status: - description: - BackupStorageLocationStatus defines the observed state of - BackupStorageLocation - properties: - accessMode: - description: |- - AccessMode is an unused field. + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + default: + description: Default indicates this location is the default backup + storage location. + type: boolean + objectStorage: + description: ObjectStorageLocation specifies the settings necessary + to connect to a provider's object storage. + properties: + bucket: + description: Bucket is the bucket to use for object storage. + type: string + caCert: + description: CACert defines a CA bundle to use when verifying + TLS connections to the provider. + format: byte + type: string + prefix: + description: Prefix is the path inside a bucket to use for Velero + storage. Optional. + type: string + required: + - bucket + type: object + provider: + description: Provider is the provider of the backup storage. + type: string + validationFrequency: + description: ValidationFrequency defines how frequently to validate + the corresponding object storage. A value of 0 disables validation. + nullable: true + type: string + required: + - objectStorage + - provider + type: object + status: + description: BackupStorageLocationStatus defines the observed state of + BackupStorageLocation + properties: + accessMode: + description: |- + AccessMode is an unused field. - Deprecated: there is now an AccessMode field on the Spec and this field - will be removed entirely as of v2.0. - enum: - - ReadOnly - - ReadWrite - type: string - lastSyncedRevision: - description: |- - LastSyncedRevision is the value of the `metadata/revision` file in the backup - storage location the last time the BSL's contents were synced into the cluster. + Deprecated: there is now an AccessMode field on the Spec and this field + will be removed entirely as of v2.0. + enum: + - ReadOnly + - ReadWrite + type: string + lastSyncedRevision: + description: |- + LastSyncedRevision is the value of the `metadata/revision` file in the backup + storage location the last time the BSL's contents were synced into the cluster. - Deprecated: this field is no longer updated or used for detecting changes to - the location's contents and will be removed entirely in v2.0. - type: string - lastSyncedTime: - description: |- - LastSyncedTime is the last time the contents of the location were synced into - the cluster. - format: date-time - nullable: true - type: string - lastValidationTime: - description: |- - LastValidationTime is the last time the backup store location was validated - the cluster. - format: date-time - nullable: true - type: string - message: - description: - Message is a message about the backup storage location's - status. - type: string - phase: - description: Phase is the current state of the BackupStorageLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true - subresources: {} + Deprecated: this field is no longer updated or used for detecting changes to + the location's contents and will be removed entirely in v2.0. + type: string + lastSyncedTime: + description: |- + LastSyncedTime is the last time the contents of the location were synced into + the cluster. + format: date-time + nullable: true + type: string + lastValidationTime: + description: |- + LastValidationTime is the last time the backup store location was validated + the cluster. + format: date-time + nullable: true + type: string + message: + description: Message is a message about the backup storage location's + status. + type: string + phase: + description: Phase is the current state of the BackupStorageLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1035,185 +994,179 @@ spec: singular: datadownload scope: Namespaced versions: - - additionalPrinterColumns: - - description: DataDownload status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time duration since this DataDownload was started - jsonPath: .status.startTimestamp - name: Started - type: date - - description: Completed bytes - format: int64 - jsonPath: .status.progress.bytesDone - name: Bytes Done - type: integer - - description: Total bytes - format: int64 - jsonPath: .status.progress.totalBytes - name: Total Bytes - type: integer - - description: Name of the Backup Storage Location where the backup data is stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - description: Time duration since this DataDownload was created - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Name of the node where the DataDownload is processed - jsonPath: .status.node - name: Node - type: string - name: v2alpha1 - schema: - openAPIV3Schema: - description: - DataDownload acts as the protocol between data mover plugins - and data mover controller for the datamover restore operation - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DataDownloadSpec is the specification for a DataDownload. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - cancel: - description: |- - Cancel indicates request to cancel the ongoing DataDownload. It can be set - when the DataDownload is in InProgress phase - type: boolean - dataMoverConfig: - additionalProperties: + - additionalPrinterColumns: + - description: DataDownload status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time duration since this DataDownload was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: Name of the Backup Storage Location where the backup data is stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this DataDownload was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the DataDownload is processed + jsonPath: .status.node + name: Node + type: string + name: v2alpha1 + schema: + openAPIV3Schema: + description: DataDownload acts as the protocol between data mover plugins + and data mover controller for the datamover restore operation + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DataDownloadSpec is the specification for a DataDownload. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing DataDownload. It can be set + when the DataDownload is in InProgress phase + type: boolean + dataMoverConfig: + additionalProperties: + type: string + description: DataMoverConfig is for data-mover-specific configuration + fields. + type: object + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + operationTimeout: + description: |- + OperationTimeout specifies the time used to wait internal operations, + before returning error as timeout. + type: string + snapshotID: + description: SnapshotID is the ID of the Velero backup snapshot to + be restored from. + type: string + sourceNamespace: + description: |- + SourceNamespace is the original namespace where the volume is backed up from. + It may be different from SourcePVC's namespace if namespace is remapped during restore. + type: string + targetVolume: + description: TargetVolume is the information of the target PVC and + PV. + properties: + namespace: + description: Namespace is the target namespace type: string - description: - DataMoverConfig is for data-mover-specific configuration - fields. - type: object - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - operationTimeout: - description: |- - OperationTimeout specifies the time used to wait internal operations, - before returning error as timeout. - type: string - snapshotID: - description: - SnapshotID is the ID of the Velero backup snapshot to - be restored from. - type: string - sourceNamespace: - description: |- - SourceNamespace is the original namespace where the volume is backed up from. - It may be different from SourcePVC's namespace if namespace is remapped during restore. - type: string - targetVolume: - description: - TargetVolume is the information of the target PVC and - PV. - properties: - namespace: - description: Namespace is the target namespace - type: string - pv: - description: - PV is the name of the target PV that is created by - Velero restore - type: string - pvc: - description: - PVC is the name of the target PVC that is created - by Velero restore - type: string - required: - - namespace - - pv - - pvc - type: object - required: - - backupStorageLocation - - operationTimeout - - snapshotID - - sourceNamespace - - targetVolume - type: object - status: - description: DataDownloadStatus is the current status of a DataDownload. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the DataDownload's status. - type: string - node: - description: Node is name of the node where the DataDownload is processed. - type: string - phase: - description: Phase is the current state of the DataDownload. - enum: - - New - - Accepted - - Prepared - - InProgress - - Canceling - - Canceled - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the snapshot and the current - number of restored bytes. This can be used to display progress information - about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: |- - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + pv: + description: PV is the name of the target PV that is created by + Velero restore + type: string + pvc: + description: PVC is the name of the target PVC that is created + by Velero restore + type: string + required: + - namespace + - pv + - pvc + type: object + required: + - backupStorageLocation + - operationTimeout + - snapshotID + - sourceNamespace + - targetVolume + type: object + status: + description: DataDownloadStatus is the current status of a DataDownload. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the DataDownload's status. + type: string + node: + description: Node is name of the node where the DataDownload is processed. + type: string + phase: + description: Phase is the current state of the DataDownload. + enum: + - New + - Accepted + - Prepared + - InProgress + - Canceling + - Canceled + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the snapshot and the current + number of restored bytes. This can be used to display progress information + about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1232,216 +1185,204 @@ spec: singular: dataupload scope: Namespaced versions: - - additionalPrinterColumns: - - description: DataUpload status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time duration since this DataUpload was started - jsonPath: .status.startTimestamp - name: Started - type: date - - description: Completed bytes - format: int64 - jsonPath: .status.progress.bytesDone - name: Bytes Done - type: integer - - description: Total bytes - format: int64 - jsonPath: .status.progress.totalBytes - name: Total Bytes - type: integer - - description: - Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - description: Time duration since this DataUpload was created - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Name of the node where the DataUpload is processed - jsonPath: .status.node - name: Node - type: string - name: v2alpha1 - schema: - openAPIV3Schema: - description: - DataUpload acts as the protocol between data mover plugins and - data mover controller for the datamover backup operation - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DataUploadSpec is the specification for a DataUpload. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - cancel: - description: |- - Cancel indicates request to cancel the ongoing DataUpload. It can be set - when the DataUpload is in InProgress phase - type: boolean - csiSnapshot: - description: - If SnapshotType is CSI, CSISnapshot provides the information - of the CSI snapshot. - nullable: true - properties: - snapshotClass: - description: - SnapshotClass is the name of the snapshot class that - the volume snapshot is created with - type: string - storageClass: - description: - StorageClass is the name of the storage class of - the PVC that the volume snapshot is created from - type: string - volumeSnapshot: - description: - VolumeSnapshot is the name of the volume snapshot - to be backed up - type: string - required: - - storageClass - - volumeSnapshot - type: object - dataMoverConfig: - additionalProperties: + - additionalPrinterColumns: + - description: DataUpload status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time duration since this DataUpload was started + jsonPath: .status.startTimestamp + name: Started + type: date + - description: Completed bytes + format: int64 + jsonPath: .status.progress.bytesDone + name: Bytes Done + type: integer + - description: Total bytes + format: int64 + jsonPath: .status.progress.totalBytes + name: Total Bytes + type: integer + - description: Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - description: Time duration since this DataUpload was created + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Name of the node where the DataUpload is processed + jsonPath: .status.node + name: Node + type: string + name: v2alpha1 + schema: + openAPIV3Schema: + description: DataUpload acts as the protocol between data mover plugins and + data mover controller for the datamover backup operation + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DataUploadSpec is the specification for a DataUpload. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + cancel: + description: |- + Cancel indicates request to cancel the ongoing DataUpload. It can be set + when the DataUpload is in InProgress phase + type: boolean + csiSnapshot: + description: If SnapshotType is CSI, CSISnapshot provides the information + of the CSI snapshot. + nullable: true + properties: + snapshotClass: + description: SnapshotClass is the name of the snapshot class that + the volume snapshot is created with type: string - description: - DataMoverConfig is for data-mover-specific configuration - fields. - nullable: true - type: object - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - operationTimeout: - description: |- - OperationTimeout specifies the time used to wait internal operations, - before returning error as timeout. - type: string - snapshotType: - description: - SnapshotType is the type of the snapshot to be backed - up. - type: string - sourceNamespace: - description: |- - SourceNamespace is the original namespace where the volume is backed up from. - It is the same namespace for SourcePVC and CSI namespaced objects. - type: string - sourcePVC: - description: - SourcePVC is the name of the PVC which the snapshot is - taken for. - type: string - required: - - backupStorageLocation - - operationTimeout - - snapshotType - - sourceNamespace - - sourcePVC - type: object - status: - description: DataUploadStatus is the current status of a DataUpload. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. - Completion time is recorded before uploading the backup object. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - dataMoverResult: - additionalProperties: + storageClass: + description: StorageClass is the name of the storage class of + the PVC that the volume snapshot is created from type: string - description: - DataMoverResult stores data-mover-specific information - as a result of the DataUpload. - nullable: true - type: object - message: - description: Message is a message about the DataUpload's status. - type: string - node: - description: Node is name of the node where the DataUpload is processed. - type: string - path: - description: - Path is the full path of the snapshot volume being backed - up. - type: string - phase: - description: Phase is the current state of the DataUpload. - enum: - - New - - Accepted - - Prepared - - InProgress - - Canceling - - Canceled - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the volume and the current - number of backed up bytes. This can be used to display progress information - about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: - SnapshotID is the identifier for the snapshot in the - backup repository. - type: string - startTimestamp: - description: |- - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes - on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + volumeSnapshot: + description: VolumeSnapshot is the name of the volume snapshot + to be backed up + type: string + required: + - storageClass + - volumeSnapshot + type: object + dataMoverConfig: + additionalProperties: + type: string + description: DataMoverConfig is for data-mover-specific configuration + fields. + nullable: true + type: object + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + operationTimeout: + description: |- + OperationTimeout specifies the time used to wait internal operations, + before returning error as timeout. + type: string + snapshotType: + description: SnapshotType is the type of the snapshot to be backed + up. + type: string + sourceNamespace: + description: |- + SourceNamespace is the original namespace where the volume is backed up from. + It is the same namespace for SourcePVC and CSI namespaced objects. + type: string + sourcePVC: + description: SourcePVC is the name of the PVC which the snapshot is + taken for. + type: string + required: + - backupStorageLocation + - operationTimeout + - snapshotType + - sourceNamespace + - sourcePVC + type: object + status: + description: DataUploadStatus is the current status of a DataUpload. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + dataMoverResult: + additionalProperties: + type: string + description: DataMoverResult stores data-mover-specific information + as a result of the DataUpload. + nullable: true + type: object + message: + description: Message is a message about the DataUpload's status. + type: string + node: + description: Node is name of the node where the DataUpload is processed. + type: string + path: + description: Path is the full path of the snapshot volume being backed + up. + type: string + phase: + description: Phase is the current state of the DataUpload. + enum: + - New + - Accepted + - Prepared + - InProgress + - Canceling + - Canceled + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the volume and the current + number of backed up bytes. This can be used to display progress information + about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot in the + backup repository. + type: string + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1461,70 +1402,68 @@ spec: singular: deletebackuprequest scope: Namespaced versions: - - additionalPrinterColumns: - - description: The name of the backup to be deleted - jsonPath: .spec.backupName - name: BackupName - type: string - - description: The status of the deletion request - jsonPath: .status.phase - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: DeleteBackupRequest is a request to delete one or more backups. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - DeleteBackupRequestSpec is the specification for which backups - to delete. - properties: - backupName: - type: string - required: - - backupName - type: object - status: - description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. - properties: - errors: - description: - Errors contains any errors that were encountered during - the deletion process. - items: - type: string - nullable: true - type: array - phase: - description: Phase is the current state of the DeleteBackupRequest. - enum: - - New - - InProgress - - Processed - type: string - type: object - type: object - served: true - storage: true - subresources: {} + - additionalPrinterColumns: + - description: The name of the backup to be deleted + jsonPath: .spec.backupName + name: BackupName + type: string + - description: The status of the deletion request + jsonPath: .status.phase + name: Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: DeleteBackupRequest is a request to delete one or more backups. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DeleteBackupRequestSpec is the specification for which backups + to delete. + properties: + backupName: + type: string + required: + - backupName + type: object + status: + description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest. + properties: + errors: + description: Errors contains any errors that were encountered during + the deletion process. + items: + type: string + nullable: true + type: array + phase: + description: Phase is the current state of the DeleteBackupRequest. + enum: + - New + - InProgress + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1550,91 +1489,88 @@ spec: singular: downloadrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - DownloadRequest is a request to download an artifact from backup object storage, such as a backup - log file. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DownloadRequestSpec is the specification for a download request. - properties: - target: - description: Target is what to download (e.g. logs for a backup). - properties: - kind: - description: Kind is the type of file to download. - enum: - - BackupLog - - BackupContents - - BackupVolumeSnapshots - - BackupItemOperations - - BackupResourceList - - BackupResults - - RestoreLog - - RestoreResults - - RestoreResourceList - - RestoreItemOperations - - CSIBackupVolumeSnapshots - - CSIBackupVolumeSnapshotContents - - BackupVolumeInfos - - RestoreVolumeInfo - type: string - name: - description: - Name is the name of the Kubernetes resource with - which the file is associated. - type: string - required: - - kind - - name - type: object - required: - - target - type: object - status: - description: DownloadRequestStatus is the current status of a DownloadRequest. - properties: - downloadURL: - description: - DownloadURL contains the pre-signed URL for the target - file. - type: string - expiration: - description: - Expiration is when this DownloadRequest expires and can - be deleted by the system. - format: date-time - nullable: true - type: string - phase: - description: Phase is the current state of the DownloadRequest. - enum: - - New - - Processed - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: |- + DownloadRequest is a request to download an artifact from backup object storage, such as a backup + log file. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DownloadRequestSpec is the specification for a download request. + properties: + target: + description: Target is what to download (e.g. logs for a backup). + properties: + kind: + description: Kind is the type of file to download. + enum: + - BackupLog + - BackupContents + - BackupVolumeSnapshots + - BackupItemOperations + - BackupResourceList + - BackupResults + - RestoreLog + - RestoreResults + - RestoreResourceList + - RestoreItemOperations + - CSIBackupVolumeSnapshots + - CSIBackupVolumeSnapshotContents + - BackupVolumeInfos + - RestoreVolumeInfo + type: string + name: + description: Name is the name of the Kubernetes resource with + which the file is associated. + type: string + required: + - kind + - name + type: object + required: + - target + type: object + status: + description: DownloadRequestStatus is the current status of a DownloadRequest. + properties: + downloadURL: + description: DownloadURL contains the pre-signed URL for the target + file. + type: string + expiration: + description: Expiration is when this DownloadRequest expires and can + be deleted by the system. + format: date-time + nullable: true + type: string + phase: + description: Phase is the current state of the DownloadRequest. + enum: + - New + - Processed + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -1660,219 +1596,213 @@ spec: singular: podvolumebackup scope: Namespaced versions: - - additionalPrinterColumns: - - description: Pod Volume Backup status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Time when this backup was started - jsonPath: .status.startTimestamp - name: Created - type: date - - description: Namespace of the pod containing the volume to be backed up - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be backed up - jsonPath: .spec.pod.name - name: Pod - type: string - - description: Name of the volume to be backed up - jsonPath: .spec.volume - name: Volume - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: - Name of the Backup Storage Location where this backup should be - stored - jsonPath: .spec.backupStorageLocation - name: Storage Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - node: - description: - Node is the name of the node that the Pod is running - on. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be backed up. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - tags: - additionalProperties: + - additionalPrinterColumns: + - description: Pod Volume Backup status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Time when this backup was started + jsonPath: .status.startTimestamp + name: Created + type: date + - description: Namespace of the pod containing the volume to be backed up + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be backed up + jsonPath: .spec.pod.name + name: Pod + type: string + - description: Name of the volume to be backed up + jsonPath: .spec.volume + name: Volume + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the Backup Storage Location where this backup should be + stored + jsonPath: .spec.backupStorageLocation + name: Storage Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PodVolumeBackupSpec is the specification for a PodVolumeBackup. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + node: + description: Node is the name of the node that the Pod is running + on. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be backed up. + properties: + apiVersion: + description: API version of the referent. type: string - description: |- - Tags are a map of key-value pairs that should be applied to the - volume backup as tags. - type: object - uploaderSettings: - additionalProperties: + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string - description: |- - UploaderSettings are a map of key-value pairs that should be applied to the - uploader configuration. - nullable: true - type: object - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: |- - Volume is the name of the volume within the Pod to be backed - up. - type: string - required: - - backupStorageLocation - - node - - pod - - repoIdentifier - - volume - type: object - status: - description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a backup was completed. - Completion time is recorded even on failed backups. - Completion time is recorded before uploading the backup object. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume backup's status. - type: string - path: - description: - Path is the full path within the controller pod being - backed up. - type: string - phase: - description: Phase is the current state of the PodVolumeBackup. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the volume and the current - number of backed up bytes. This can be used to display progress information - about the backup operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - snapshotID: - description: - SnapshotID is the identifier for the snapshot of the - pod volume. - type: string - startTimestamp: - description: |- - StartTimestamp records the time a backup was started. - Separate from CreationTimestamp, since that value changes - on restores. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + tags: + additionalProperties: + type: string + description: |- + Tags are a map of key-value pairs that should be applied to the + volume backup as tags. + type: object + uploaderSettings: + additionalProperties: + type: string + description: |- + UploaderSettings are a map of key-value pairs that should be applied to the + uploader configuration. + nullable: true + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: |- + Volume is the name of the volume within the Pod to be backed + up. + type: string + required: + - backupStorageLocation + - node + - pod + - repoIdentifier + - volume + type: object + status: + description: PodVolumeBackupStatus is the current status of a PodVolumeBackup. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a backup was completed. + Completion time is recorded even on failed backups. + Completion time is recorded before uploading the backup object. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume backup's status. + type: string + path: + description: Path is the full path within the controller pod being + backed up. + type: string + phase: + description: Phase is the current state of the PodVolumeBackup. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the volume and the current + number of backed up bytes. This can be used to display progress information + about the backup operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + snapshotID: + description: SnapshotID is the identifier for the snapshot of the + pod volume. + type: string + startTimestamp: + description: |- + StartTimestamp records the time a backup was started. + Separate from CreationTimestamp, since that value changes + on restores. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -1898,203 +1828,199 @@ spec: singular: podvolumerestore scope: Namespaced versions: - - additionalPrinterColumns: - - description: Namespace of the pod containing the volume to be restored - jsonPath: .spec.pod.namespace - name: Namespace - type: string - - description: Name of the pod containing the volume to be restored - jsonPath: .spec.pod.name - name: Pod - type: string - - description: The type of the uploader to handle data transfer - jsonPath: .spec.uploaderType - name: Uploader Type - type: string - - description: Name of the volume to be restored - jsonPath: .spec.volume - name: Volume - type: string - - description: Pod Volume Restore status such as New/InProgress - jsonPath: .status.phase - name: Status - type: string - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.totalBytes - name: TotalBytes - type: integer - - description: Pod Volume Restore status such as New/InProgress - format: int64 - jsonPath: .status.progress.bytesDone - name: BytesDone - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. - properties: - backupStorageLocation: - description: |- - BackupStorageLocation is the name of the backup storage location - where the backup repository is stored. - type: string - pod: - description: - Pod is a reference to the pod containing the volume to - be restored. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - repoIdentifier: - description: RepoIdentifier is the backup repository identifier. - type: string - snapshotID: - description: SnapshotID is the ID of the volume snapshot to be restored. - type: string - sourceNamespace: - description: - SourceNamespace is the original namespace for namaspace - mapping. - type: string - uploaderSettings: - additionalProperties: + - additionalPrinterColumns: + - description: Namespace of the pod containing the volume to be restored + jsonPath: .spec.pod.namespace + name: Namespace + type: string + - description: Name of the pod containing the volume to be restored + jsonPath: .spec.pod.name + name: Pod + type: string + - description: The type of the uploader to handle data transfer + jsonPath: .spec.uploaderType + name: Uploader Type + type: string + - description: Name of the volume to be restored + jsonPath: .spec.volume + name: Volume + type: string + - description: Pod Volume Restore status such as New/InProgress + jsonPath: .status.phase + name: Status + type: string + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.totalBytes + name: TotalBytes + type: integer + - description: Pod Volume Restore status such as New/InProgress + format: int64 + jsonPath: .status.progress.bytesDone + name: BytesDone + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore. + properties: + backupStorageLocation: + description: |- + BackupStorageLocation is the name of the backup storage location + where the backup repository is stored. + type: string + pod: + description: Pod is a reference to the pod containing the volume to + be restored. + properties: + apiVersion: + description: API version of the referent. type: string - description: |- - UploaderSettings are a map of key-value pairs that should be applied to the - uploader configuration. - nullable: true - type: object - uploaderType: - description: - UploaderType is the type of the uploader to handle the - data transfer. - enum: - - kopia - - restic - - "" - type: string - volume: - description: - Volume is the name of the volume within the Pod to be - restored. - type: string - required: - - backupStorageLocation - - pod - - repoIdentifier - - snapshotID - - sourceNamespace - - volume - type: object - status: - description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time a restore was completed. - Completion time is recorded even on failed restores. - The server's time is used for CompletionTimestamps - format: date-time - nullable: true - type: string - message: - description: Message is a message about the pod volume restore's status. - type: string - phase: - description: Phase is the current state of the PodVolumeRestore. - enum: - - New - - InProgress - - Completed - - Failed - type: string - progress: - description: |- - Progress holds the total number of bytes of the snapshot and the current - number of restored bytes. This can be used to display progress information - about the restore operation. - properties: - bytesDone: - format: int64 - type: integer - totalBytes: - format: int64 - type: integer - type: object - startTimestamp: - description: |- - StartTimestamp records the time a restore was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - type: object - type: object - served: true - storage: true - subresources: {} + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + repoIdentifier: + description: RepoIdentifier is the backup repository identifier. + type: string + snapshotID: + description: SnapshotID is the ID of the volume snapshot to be restored. + type: string + sourceNamespace: + description: SourceNamespace is the original namespace for namaspace + mapping. + type: string + uploaderSettings: + additionalProperties: + type: string + description: |- + UploaderSettings are a map of key-value pairs that should be applied to the + uploader configuration. + nullable: true + type: object + uploaderType: + description: UploaderType is the type of the uploader to handle the + data transfer. + enum: + - kopia + - restic + - "" + type: string + volume: + description: Volume is the name of the volume within the Pod to be + restored. + type: string + required: + - backupStorageLocation + - pod + - repoIdentifier + - snapshotID + - sourceNamespace + - volume + type: object + status: + description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore. + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time a restore was completed. + Completion time is recorded even on failed restores. + The server's time is used for CompletionTimestamps + format: date-time + nullable: true + type: string + message: + description: Message is a message about the pod volume restore's status. + type: string + phase: + description: Phase is the current state of the PodVolumeRestore. + enum: + - New + - InProgress + - Completed + - Failed + type: string + progress: + description: |- + Progress holds the total number of bytes of the snapshot and the current + number of restored bytes. This can be used to display progress information + about the restore operation. + properties: + bytesDone: + format: int64 + type: integer + totalBytes: + format: int64 + type: integer + type: object + startTimestamp: + description: |- + StartTimestamp records the time a restore was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -2120,274 +2046,322 @@ spec: singular: restore scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - Restore is a Velero resource that represents the application of - resources from a Velero backup to a target Kubernetes cluster. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: RestoreSpec defines the specification for a Velero restore. - properties: - backupName: - description: |- - BackupName is the unique name of the Velero backup to restore - from. - type: string - excludedNamespaces: - description: |- - ExcludedNamespaces contains a list of namespaces that are not - included in the restore. - items: - type: string - nullable: true - type: array - excludedResources: - description: |- - ExcludedResources is a slice of resource names that are not - included in the restore. - items: - type: string - nullable: true - type: array - existingResourcePolicy: - description: - ExistingResourcePolicy specifies the restore behavior - for the Kubernetes resource to be restored - nullable: true - type: string - hooks: - description: - Hooks represent custom behaviors that should be executed - during or post restore. - properties: - resources: - items: - description: |- - RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on - the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources to - which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources specifies the resources to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the resources - to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. + - name: v1 + schema: + openAPIV3Schema: + description: |- + Restore is a Velero resource that represents the application of + resources from a Velero backup to a target Kubernetes cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RestoreSpec defines the specification for a Velero restore. + properties: + backupName: + description: |- + BackupName is the unique name of the Velero backup to restore + from. + type: string + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the restore. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the restore. + items: + type: string + nullable: true + type: array + existingResourcePolicy: + description: ExistingResourcePolicy specifies the restore behavior + for the Kubernetes resource to be restored + nullable: true + type: string + hooks: + description: Hooks represent custom behaviors that should be executed + during or post restore. + properties: + resources: + items: + description: |- + RestoreResourceHookSpec defines one or more RestoreResrouceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources to + which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the resources + to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + postHooks: + description: PostHooks is a list of RestoreResourceHooks + to execute during and after restoring a resource. + items: + description: RestoreResourceHook defines a restore hook + for a resource. + properties: + exec: + description: Exec defines an exec restore hook. + properties: + command: + description: Command is the command and arguments + to execute from within a container after a pod + has been restored. + items: type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + execTimeout: + description: |- + ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + onError: + description: OnError specifies how Velero should + behave if it encounters an error executing this + hook. + enum: + - Continue + - Fail + type: string + waitForReady: + description: WaitForReady ensures command will + be launched when container is Ready instead + of Running. + nullable: true + type: boolean + waitTimeout: + description: |- + WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready + before attempting to run the command. + type: string + required: + - command + type: object + init: + description: Init defines an init restore hook. + properties: + initContainers: + description: InitContainers is list of init containers + to be added to a pod during its restore. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + timeout: + description: Timeout defines the maximum amount + of time Velero should wait for the initContainers + to complete. + type: string type: object type: object - x-kubernetes-map-type: atomic - name: - description: Name is the name of this hook. + type: array + required: + - name + type: object + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the restore. If null, defaults + to true. + nullable: true + type: boolean + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the restore. If empty, all resources in the backup are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when restoring individual objects from the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - postHooks: - description: - PostHooks is a list of RestoreResourceHooks - to execute during and after restoring a resource. - items: - description: - RestoreResourceHook defines a restore hook - for a resource. - properties: - exec: - description: Exec defines an exec restore hook. - properties: - command: - description: - Command is the command and arguments - to execute from within a container after a pod - has been restored. - items: - type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - execTimeout: - description: |- - ExecTimeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. - type: string - onError: - description: - OnError specifies how Velero should - behave if it encounters an error executing this - hook. - enum: - - Continue - - Fail - type: string - waitForReady: - description: - WaitForReady ensures command will - be launched when container is Ready instead - of Running. - nullable: true - type: boolean - waitTimeout: - description: |- - WaitTimeout defines the maximum amount of time Velero should wait for the container to be Ready - before attempting to run the command. - type: string - required: - - command - type: object - init: - description: Init defines an init restore hook. - properties: - initContainers: - description: - InitContainers is list of init containers - to be added to a pod during its restore. - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - x-kubernetes-preserve-unknown-fields: true - timeout: - description: - Timeout defines the maximum amount - of time Velero should wait for the initContainers - to complete. - type: string - type: object - type: object - type: array - required: - - name - type: object - type: array - type: object - includeClusterResources: - description: |- - IncludeClusterResources specifies whether cluster-scoped resources - should be included for consideration in the restore. If null, defaults - to true. - nullable: true - type: boolean - includedNamespaces: - description: |- - IncludedNamespaces is a slice of namespace names to include objects - from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources is a slice of resource names to include - in the restore. If empty, all resources in the backup are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: |- - ItemOperationTimeout specifies the time used to wait for RestoreItemAction operations - The default value is 4 hour. - type: string - labelSelector: - description: |- - LabelSelector is a metav1.LabelSelector to filter with - when restoring individual objects from the backup. If empty - or nil, all objects are included. Optional. - nullable: true + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceMapping: + additionalProperties: + type: string + description: |- + NamespaceMapping is a map of source namespace names + to target namespace names to restore into. Any source + namespaces not included in the map will be restored into + namespaces of the same name. + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when restoring individual objects from the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in restore request, only one of them + can be used + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector requirements. + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- @@ -2395,8 +2369,7 @@ spec: relates the key and values. properties: key: - description: - key is the label key that the selector applies + description: key is the label key that the selector applies to. type: string operator: @@ -2414,8 +2387,8 @@ spec: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: @@ -2428,265 +2401,191 @@ spec: type: object type: object x-kubernetes-map-type: atomic - namespaceMapping: - additionalProperties: - type: string - description: |- - NamespaceMapping is a map of source namespace names - to target namespace names to restore into. Any source - namespaces not included in the map will be restored into - namespaces of the same name. - type: object - orLabelSelectors: - description: |- - OrLabelSelectors is list of metav1.LabelSelector to filter with - when restoring individual objects from the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in restore request, only one of them - can be used - items: + nullable: true + type: array + preserveNodePorts: + description: PreserveNodePorts specifies whether to restore old nodePorts + from backup. + nullable: true + type: boolean + resourceModifier: + description: ResourceModifier specifies the reference to JSON resource + patches that should be applied to resources before restoration. + nullable: true + properties: + apiGroup: description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nullable: true - type: array - preserveNodePorts: - description: - PreserveNodePorts specifies whether to restore old nodePorts - from backup. - nullable: true - type: boolean - resourceModifier: - description: - ResourceModifier specifies the reference to JSON resource - patches that should be applied to resources before restoration. - nullable: true - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + restorePVs: + description: |- + RestorePVs specifies whether to restore all included + PVs from snapshot + nullable: true + type: boolean + restoreStatus: + description: |- + RestoreStatus specifies which resources we should restore the status + field. If nil, no objects are included. Optional. + nullable: true + properties: + excludedResources: + description: ExcludedResources specifies the resources to which + will not restore the status. + items: type: string - name: - description: Name is the name of resource being referenced + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which will restore the status. + If empty, it applies to all resources. + items: type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - restorePVs: - description: |- - RestorePVs specifies whether to restore all included - PVs from snapshot - nullable: true - type: boolean - restoreStatus: - description: |- - RestoreStatus specifies which resources we should restore the status - field. If nil, no objects are included. Optional. - nullable: true - properties: - excludedResources: - description: - ExcludedResources specifies the resources to which - will not restore the status. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources specifies the resources to which will restore the status. - If empty, it applies to all resources. - items: - type: string - nullable: true - type: array - type: object - scheduleName: - description: |- - ScheduleName is the unique name of the Velero schedule to restore - from. If specified, and BackupName is empty, Velero will restore - from the most recent successful backup created from this schedule. - type: string - uploaderConfig: - description: UploaderConfig specifies the configuration for the restore. - nullable: true - properties: - parallelFilesDownload: - description: - ParallelFilesDownload is the concurrency number setting - for restore. - type: integer - writeSparseFiles: - description: - WriteSparseFiles is a flag to indicate whether write - files sparsely or not. - nullable: true - type: boolean - type: object - type: object - status: - description: RestoreStatus captures the current status of a Velero restore - properties: - completionTimestamp: - description: |- - CompletionTimestamp records the time the restore operation was completed. - Completion time is recorded even on failed restore. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - errors: - description: |- - Errors is a count of all error messages that were generated during - execution of the restore. The actual errors are stored in object storage. - type: integer - failureReason: - description: - FailureReason is an error that caused the entire restore - to fail. - type: string - hookStatus: - description: - HookStatus contains information about the status of the - hooks. - nullable: true - properties: - hooksAttempted: - description: |- - HooksAttempted is the total number of attempted hooks - Specifically, HooksAttempted represents the number of hooks that failed to execute - and the number of hooks that executed successfully. - type: integer - hooksFailed: - description: - HooksFailed is the total number of hooks which ended - with an error - type: integer - type: object - phase: - description: Phase is the current state of the Restore - enum: - - New - - FailedValidation - - InProgress - - WaitingForPluginOperations - - WaitingForPluginOperationsPartiallyFailed - - Completed - - PartiallyFailed - - Failed - - Finalizing - - FinalizingPartiallyFailed - type: string - progress: - description: |- - Progress contains information about the restore's execution progress. Note - that this information is best-effort only -- if Velero fails to update it - during a restore for any reason, it may be inaccurate/stale. - nullable: true - properties: - itemsRestored: - description: - ItemsRestored is the number of items that have actually - been restored so far - type: integer - totalItems: - description: |- - TotalItems is the total number of items to be restored. This number may change - throughout the execution of the restore due to plugins that return additional related - items to restore - type: integer - type: object - restoreItemOperationsAttempted: - description: |- - RestoreItemOperationsAttempted is the total number of attempted - async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsCompleted: - description: |- - RestoreItemOperationsCompleted is the total number of successfully completed - async RestoreItemAction operations for this restore. - type: integer - restoreItemOperationsFailed: - description: |- - RestoreItemOperationsFailed is the total number of async - RestoreItemAction operations for this restore which ended with an error. - type: integer - startTimestamp: - description: |- - StartTimestamp records the time the restore operation was started. - The server's time is used for StartTimestamps - format: date-time - nullable: true - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable) - items: - type: string - nullable: true - type: array - warnings: - description: |- - Warnings is a count of all warning messages that were generated during - execution of the restore. The actual warnings are stored in object storage. - type: integer - type: object - type: object - served: true - storage: true + nullable: true + type: array + type: object + scheduleName: + description: |- + ScheduleName is the unique name of the Velero schedule to restore + from. If specified, and BackupName is empty, Velero will restore + from the most recent successful backup created from this schedule. + type: string + uploaderConfig: + description: UploaderConfig specifies the configuration for the restore. + nullable: true + properties: + parallelFilesDownload: + description: ParallelFilesDownload is the concurrency number setting + for restore. + type: integer + writeSparseFiles: + description: WriteSparseFiles is a flag to indicate whether write + files sparsely or not. + nullable: true + type: boolean + type: object + type: object + status: + description: RestoreStatus captures the current status of a Velero restore + properties: + completionTimestamp: + description: |- + CompletionTimestamp records the time the restore operation was completed. + Completion time is recorded even on failed restore. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + errors: + description: |- + Errors is a count of all error messages that were generated during + execution of the restore. The actual errors are stored in object storage. + type: integer + failureReason: + description: FailureReason is an error that caused the entire restore + to fail. + type: string + hookStatus: + description: HookStatus contains information about the status of the + hooks. + nullable: true + properties: + hooksAttempted: + description: |- + HooksAttempted is the total number of attempted hooks + Specifically, HooksAttempted represents the number of hooks that failed to execute + and the number of hooks that executed successfully. + type: integer + hooksFailed: + description: HooksFailed is the total number of hooks which ended + with an error + type: integer + type: object + phase: + description: Phase is the current state of the Restore + enum: + - New + - FailedValidation + - InProgress + - WaitingForPluginOperations + - WaitingForPluginOperationsPartiallyFailed + - Completed + - PartiallyFailed + - Failed + - Finalizing + - FinalizingPartiallyFailed + type: string + progress: + description: |- + Progress contains information about the restore's execution progress. Note + that this information is best-effort only -- if Velero fails to update it + during a restore for any reason, it may be inaccurate/stale. + nullable: true + properties: + itemsRestored: + description: ItemsRestored is the number of items that have actually + been restored so far + type: integer + totalItems: + description: |- + TotalItems is the total number of items to be restored. This number may change + throughout the execution of the restore due to plugins that return additional related + items to restore + type: integer + type: object + restoreItemOperationsAttempted: + description: |- + RestoreItemOperationsAttempted is the total number of attempted + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsCompleted: + description: |- + RestoreItemOperationsCompleted is the total number of successfully completed + async RestoreItemAction operations for this restore. + type: integer + restoreItemOperationsFailed: + description: |- + RestoreItemOperationsFailed is the total number of async + RestoreItemAction operations for this restore which ended with an error. + type: integer + startTimestamp: + description: |- + StartTimestamp records the time the restore operation was started. + The server's time is used for StartTimestamps + format: date-time + nullable: true + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: + type: string + nullable: true + type: array + warnings: + description: |- + Warnings is a count of all warning messages that were generated during + execution of the restore. The actual warnings are stored in object storage. + type: integer + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -2712,387 +2611,434 @@ spec: singular: schedule scope: Namespaced versions: - - additionalPrinterColumns: - - description: Status of the schedule - jsonPath: .status.phase - name: Status - type: string - - description: A Cron expression defining when to run the Backup - jsonPath: .spec.schedule - name: Schedule - type: string - - description: The last time a Backup was run for this schedule - jsonPath: .status.lastBackup - name: LastBackup - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.paused - name: Paused - type: boolean - name: v1 - schema: - openAPIV3Schema: - description: |- - Schedule is a Velero resource that represents a pre-scheduled or - periodic Backup that should be run. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ScheduleSpec defines the specification for a Velero schedule - properties: - paused: - description: Paused specifies whether the schedule is paused or not - type: boolean - schedule: - description: |- - Schedule is a Cron expression defining when to run - the Backup. - type: string - skipImmediately: - description: |- - SkipImmediately specifies whether to skip backup if schedule is due immediately from `schedule.status.lastBackup` timestamp when schedule is unpaused or if schedule is new. - If true, backup will be skipped immediately when schedule is unpaused if it is due based on .Status.LastBackupTimestamp or schedule is new, and will run at next schedule time. - If false, backup will not be skipped immediately when schedule is unpaused, but will run at next schedule time. - If empty, will follow server configuration (default: false). - type: boolean - template: - description: |- - Template is the definition of the Backup to be run - on the provided schedule - properties: - csiSnapshotTimeout: - description: |- - CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to - ReadyToUse during creation, before returning error as timeout. - The default value is 10 minute. - type: string - datamover: - description: |- - DataMover specifies the data mover to be used by the backup. - If DataMover is "" or "velero", the built-in data mover will be used. - type: string - defaultVolumesToFsBackup: - description: |- - DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used - for all volumes by default. - nullable: true - type: boolean - defaultVolumesToRestic: - description: |- - DefaultVolumesToRestic specifies whether restic should be used to take a - backup of all pod volumes by default. + - additionalPrinterColumns: + - description: Status of the schedule + jsonPath: .status.phase + name: Status + type: string + - description: A Cron expression defining when to run the Backup + jsonPath: .spec.schedule + name: Schedule + type: string + - description: The last time a Backup was run for this schedule + jsonPath: .status.lastBackup + name: LastBackup + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.paused + name: Paused + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: |- + Schedule is a Velero resource that represents a pre-scheduled or + periodic Backup that should be run. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ScheduleSpec defines the specification for a Velero schedule + properties: + paused: + description: Paused specifies whether the schedule is paused or not + type: boolean + schedule: + description: |- + Schedule is a Cron expression defining when to run + the Backup. + type: string + skipImmediately: + description: |- + SkipImmediately specifies whether to skip backup if schedule is due immediately from `schedule.status.lastBackup` timestamp when schedule is unpaused or if schedule is new. + If true, backup will be skipped immediately when schedule is unpaused if it is due based on .Status.LastBackupTimestamp or schedule is new, and will run at next schedule time. + If false, backup will not be skipped immediately when schedule is unpaused, but will run at next schedule time. + If empty, will follow server configuration (default: false). + type: boolean + template: + description: |- + Template is the definition of the Backup to be run + on the provided schedule + properties: + csiSnapshotTimeout: + description: |- + CSISnapshotTimeout specifies the time used to wait for CSI VolumeSnapshot status turns to + ReadyToUse during creation, before returning error as timeout. + The default value is 10 minute. + type: string + datamover: + description: |- + DataMover specifies the data mover to be used by the backup. + If DataMover is "" or "velero", the built-in data mover will be used. + type: string + defaultVolumesToFsBackup: + description: |- + DefaultVolumesToFsBackup specifies whether pod volume file system backup should be used + for all volumes by default. + nullable: true + type: boolean + defaultVolumesToRestic: + description: |- + DefaultVolumesToRestic specifies whether restic should be used to take a + backup of all pod volumes by default. - Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. - nullable: true - type: boolean - excludedClusterScopedResources: - description: |- - ExcludedClusterScopedResources is a slice of cluster-scoped - resource type names to exclude from the backup. - If set to "*", all cluster-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaceScopedResources: - description: |- - ExcludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to exclude from the backup. - If set to "*", all namespace-scoped resource types are excluded. - The default value is empty. - items: - type: string - nullable: true - type: array - excludedNamespaces: - description: |- - ExcludedNamespaces contains a list of namespaces that are not - included in the backup. - items: - type: string - nullable: true - type: array - excludedResources: - description: |- - ExcludedResources is a slice of resource names that are not - included in the backup. - items: - type: string - nullable: true - type: array - hooks: - description: - Hooks represent custom behaviors that should be executed - at different phases of the backup. - properties: - resources: - description: - Resources are hooks that should be executed when - backing up individual instances of a resource. - items: - description: |- - BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on - the rules defined for namespaces, resources, and label selector. - properties: - excludedNamespaces: - description: - ExcludedNamespaces specifies the namespaces - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - excludedResources: - description: - ExcludedResources specifies the resources - to which this hook spec does not apply. - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies - to all namespaces. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources specifies the resources to which this hook spec applies. If empty, it applies - to all resources. - items: - type: string - nullable: true - type: array - labelSelector: - description: - LabelSelector, if specified, filters the - resources to which this hook spec applies. - nullable: true - properties: - matchExpressions: - description: - matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - name: - description: Name is the name of this hook. + Deprecated: this field is no longer used and will be removed entirely in future. Use DefaultVolumesToFsBackup instead. + nullable: true + type: boolean + excludedClusterScopedResources: + description: |- + ExcludedClusterScopedResources is a slice of cluster-scoped + resource type names to exclude from the backup. + If set to "*", all cluster-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaceScopedResources: + description: |- + ExcludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to exclude from the backup. + If set to "*", all namespace-scoped resource types are excluded. + The default value is empty. + items: + type: string + nullable: true + type: array + excludedNamespaces: + description: |- + ExcludedNamespaces contains a list of namespaces that are not + included in the backup. + items: + type: string + nullable: true + type: array + excludedResources: + description: |- + ExcludedResources is a slice of resource names that are not + included in the backup. + items: + type: string + nullable: true + type: array + hooks: + description: Hooks represent custom behaviors that should be executed + at different phases of the backup. + properties: + resources: + description: Resources are hooks that should be executed when + backing up individual instances of a resource. + items: + description: |- + BackupResourceHookSpec defines one or more BackupResourceHooks that should be executed based on + the rules defined for namespaces, resources, and label selector. + properties: + excludedNamespaces: + description: ExcludedNamespaces specifies the namespaces + to which this hook spec does not apply. + items: type: string - post: - description: |- - PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. - These are executed after all "additional items" from item actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail - type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. + nullable: true + type: array + excludedResources: + description: ExcludedResources specifies the resources + to which this hook spec does not apply. + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces specifies the namespaces to which this hook spec applies. If empty, it applies + to all namespaces. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources specifies the resources to which this hook spec applies. If empty, it applies + to all resources. + items: + type: string + nullable: true + type: array + labelSelector: + description: LabelSelector, if specified, filters the + resources to which this hook spec applies. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: type: string - required: - - command - type: object - required: - - exec + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object - type: array - pre: - description: |- - PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. - These are executed before any "additional items" from item actions are processed. - items: - description: - BackupResourceHook defines a hook for - a resource. - properties: - exec: - description: Exec defines an exec hook. - properties: - command: - description: - Command is the command and arguments - to execute. - items: - type: string - minItems: 1 - type: array - container: - description: |- - Container is the container in the pod where the command should be executed. If not specified, - the pod's first container is used. - type: string - onError: - description: - OnError specifies how Velero - should behave if it encounters an error - executing this hook. - enum: - - Continue - - Fail + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the name of this hook. + type: string + post: + description: |- + PostHooks is a list of BackupResourceHooks to execute after storing the item in the backup. + These are executed after all "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - timeout: - description: |- - Timeout defines the maximum amount of time Velero should wait for the hook to complete before - considering the execution a failure. + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + pre: + description: |- + PreHooks is a list of BackupResourceHooks to execute prior to storing the item in the backup. + These are executed before any "additional items" from item actions are processed. + items: + description: BackupResourceHook defines a hook for + a resource. + properties: + exec: + description: Exec defines an exec hook. + properties: + command: + description: Command is the command and arguments + to execute. + items: type: string - required: - - command - type: object - required: - - exec - type: object - type: array - required: - - name - type: object - nullable: true - type: array - type: object - includeClusterResources: - description: |- - IncludeClusterResources specifies whether cluster-scoped resources - should be included for consideration in the backup. - nullable: true - type: boolean - includedClusterScopedResources: - description: |- - IncludedClusterScopedResources is a slice of cluster-scoped - resource type names to include in the backup. - If set to "*", all cluster-scoped resource types are included. - The default value is empty, which means only related - cluster-scoped resources are included. - items: - type: string - nullable: true - type: array - includedNamespaceScopedResources: - description: |- - IncludedNamespaceScopedResources is a slice of namespace-scoped - resource type names to include in the backup. - The default value is "*". - items: - type: string - nullable: true - type: array - includedNamespaces: - description: |- - IncludedNamespaces is a slice of namespace names to include objects - from. If empty, all namespaces are included. - items: - type: string - nullable: true - type: array - includedResources: - description: |- - IncludedResources is a slice of resource names to include - in the backup. If empty, all resources are included. - items: - type: string - nullable: true - type: array - itemOperationTimeout: - description: |- - ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations - The default value is 4 hour. + minItems: 1 + type: array + container: + description: |- + Container is the container in the pod where the command should be executed. If not specified, + the pod's first container is used. + type: string + onError: + description: OnError specifies how Velero + should behave if it encounters an error + executing this hook. + enum: + - Continue + - Fail + type: string + timeout: + description: |- + Timeout defines the maximum amount of time Velero should wait for the hook to complete before + considering the execution a failure. + type: string + required: + - command + type: object + required: + - exec + type: object + type: array + required: + - name + type: object + nullable: true + type: array + type: object + includeClusterResources: + description: |- + IncludeClusterResources specifies whether cluster-scoped resources + should be included for consideration in the backup. + nullable: true + type: boolean + includedClusterScopedResources: + description: |- + IncludedClusterScopedResources is a slice of cluster-scoped + resource type names to include in the backup. + If set to "*", all cluster-scoped resource types are included. + The default value is empty, which means only related + cluster-scoped resources are included. + items: type: string - labelSelector: + nullable: true + type: array + includedNamespaceScopedResources: + description: |- + IncludedNamespaceScopedResources is a slice of namespace-scoped + resource type names to include in the backup. + The default value is "*". + items: + type: string + nullable: true + type: array + includedNamespaces: + description: |- + IncludedNamespaces is a slice of namespace names to include objects + from. If empty, all namespaces are included. + items: + type: string + nullable: true + type: array + includedResources: + description: |- + IncludedResources is a slice of resource names to include + in the backup. If empty, all resources are included. + items: + type: string + nullable: true + type: array + itemOperationTimeout: + description: |- + ItemOperationTimeout specifies the time used to wait for asynchronous BackupItemAction operations + The default value is 4 hour. + type: string + labelSelector: + description: |- + LabelSelector is a metav1.LabelSelector to filter with + when adding individual objects to the backup. If empty + or nil, all objects are included. Optional. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + metadata: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + orLabelSelectors: + description: |- + OrLabelSelectors is list of metav1.LabelSelector to filter with + when adding individual objects to the backup. If multiple provided + they will be joined by the OR operator. LabelSelector as well as + OrLabelSelectors cannot co-exist in backup request, only one of them + can be used. + items: description: |- - LabelSelector is a metav1.LabelSelector to filter with - when adding individual objects to the backup. If empty - or nil, all objects are included. Optional. - nullable: true + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. properties: matchExpressions: - description: - matchExpressions is a list of label selector + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- @@ -3100,8 +3046,7 @@ spec: relates the key and values. properties: key: - description: - key is the label key that the selector + description: key is the label key that the selector applies to. type: string operator: @@ -3119,8 +3064,8 @@ spec: type: string type: array required: - - key - - operator + - key + - operator type: object type: array matchLabels: @@ -3133,189 +3078,120 @@ spec: type: object type: object x-kubernetes-map-type: atomic - metadata: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - orLabelSelectors: - description: |- - OrLabelSelectors is list of metav1.LabelSelector to filter with - when adding individual objects to the backup. If multiple provided - they will be joined by the OR operator. LabelSelector as well as - OrLabelSelectors cannot co-exist in backup request, only one of them - can be used. - items: + nullable: true + type: array + orderedResources: + additionalProperties: + type: string + description: |- + OrderedResources specifies the backup order of resources of specific Kind. + The map key is the resource name and value is a list of object names separated by commas. + Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". + nullable: true + type: object + resourcePolicy: + description: ResourcePolicy specifies the referenced resource + policies that backup should follow + properties: + apiGroup: description: |- - A label selector is a label query over a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector matches all objects. A null - label selector matches no objects. - properties: - matchExpressions: - description: - matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: - key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nullable: true - type: array - orderedResources: - additionalProperties: + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string - description: |- - OrderedResources specifies the backup order of resources of specific Kind. - The map key is the resource name and value is a list of object names separated by commas. - Each resource name has format "namespace/objectname". For cluster resources, simply use "objectname". - nullable: true - type: object - resourcePolicy: - description: - ResourcePolicy specifies the referenced resource - policies that backup should follow - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - snapshotMoveData: - description: - SnapshotMoveData specifies whether snapshot data - should be moved - nullable: true - type: boolean - snapshotVolumes: - description: |- - SnapshotVolumes specifies whether to take snapshots - of any PV's referenced in the set of objects included - in the Backup. - nullable: true - type: boolean - storageLocation: - description: - StorageLocation is a string containing the name of - a BackupStorageLocation where the backup should be stored. - type: string - ttl: - description: |- - TTL is a time.Duration-parseable string describing how long - the Backup should be retained for. - type: string - uploaderConfig: - description: - UploaderConfig specifies the configuration for the - uploader. - nullable: true - properties: - parallelFilesUpload: - description: - ParallelFilesUpload is the number of files parallel - uploads to perform when using the uploader. - type: integer - type: object - volumeSnapshotLocations: - description: - VolumeSnapshotLocations is a list containing names - of VolumeSnapshotLocations associated with this backup. - items: + kind: + description: Kind is the type of resource being referenced type: string - type: array - type: object - useOwnerReferencesInBackup: - description: |- - UseOwnerReferencesBackup specifies whether to use - OwnerReferences on backups created by this Schedule. - nullable: true - type: boolean - required: - - schedule - - template - type: object - status: - description: ScheduleStatus captures the current state of a Velero schedule - properties: - lastBackup: - description: |- - LastBackup is the last time a Backup was run for this - Schedule schedule - format: date-time - nullable: true - type: string - lastSkipped: - description: LastSkipped is the last time a Schedule was skipped - format: date-time - nullable: true - type: string - phase: - description: Phase is the current phase of the Schedule - enum: - - New - - Enabled - - FailedValidation - type: string - validationErrors: - description: |- - ValidationErrors is a slice of all validation errors (if - applicable) - items: + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + snapshotMoveData: + description: SnapshotMoveData specifies whether snapshot data + should be moved + nullable: true + type: boolean + snapshotVolumes: + description: |- + SnapshotVolumes specifies whether to take snapshots + of any PV's referenced in the set of objects included + in the Backup. + nullable: true + type: boolean + storageLocation: + description: StorageLocation is a string containing the name of + a BackupStorageLocation where the backup should be stored. + type: string + ttl: + description: |- + TTL is a time.Duration-parseable string describing how long + the Backup should be retained for. type: string - type: array - type: object - type: object - served: true - storage: true - subresources: {} + uploaderConfig: + description: UploaderConfig specifies the configuration for the + uploader. + nullable: true + properties: + parallelFilesUpload: + description: ParallelFilesUpload is the number of files parallel + uploads to perform when using the uploader. + type: integer + type: object + volumeSnapshotLocations: + description: VolumeSnapshotLocations is a list containing names + of VolumeSnapshotLocations associated with this backup. + items: + type: string + type: array + type: object + useOwnerReferencesInBackup: + description: |- + UseOwnerReferencesBackup specifies whether to use + OwnerReferences on backups created by this Schedule. + nullable: true + type: boolean + required: + - schedule + - template + type: object + status: + description: ScheduleStatus captures the current state of a Velero schedule + properties: + lastBackup: + description: |- + LastBackup is the last time a Backup was run for this + Schedule schedule + format: date-time + nullable: true + type: string + lastSkipped: + description: LastSkipped is the last time a Schedule was skipped + format: date-time + nullable: true + type: string + phase: + description: Phase is the current phase of the Schedule + enum: + - New + - Enabled + - FailedValidation + type: string + validationErrors: + description: |- + ValidationErrors is a slice of all validation errors (if + applicable) + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: {} status: acceptedNames: kind: "" @@ -3339,77 +3215,76 @@ spec: listKind: ServerStatusRequestList plural: serverstatusrequests shortNames: - - ssr + - ssr singular: serverstatusrequest scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: |- - ServerStatusRequest is a request to access current status information about - the Velero server. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. - type: object - status: - description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. - properties: - phase: - description: Phase is the current lifecycle phase of the ServerStatusRequest. - enum: - - New - - Processed - type: string - plugins: - description: - Plugins list information about the plugins running on - the Velero server - items: - description: PluginInfo contains attributes of a Velero plugin - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - nullable: true - type: array - processedTimestamp: - description: |- - ProcessedTimestamp is when the ServerStatusRequest was processed - by the ServerStatusRequestController. - format: date-time - nullable: true - type: string - serverVersion: - description: ServerVersion is the Velero server version. - type: string - type: object - type: object - served: true - storage: true + - name: v1 + schema: + openAPIV3Schema: + description: |- + ServerStatusRequest is a request to access current status information about + the Velero server. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServerStatusRequestSpec is the specification for a ServerStatusRequest. + type: object + status: + description: ServerStatusRequestStatus is the current status of a ServerStatusRequest. + properties: + phase: + description: Phase is the current lifecycle phase of the ServerStatusRequest. + enum: + - New + - Processed + type: string + plugins: + description: Plugins list information about the plugins running on + the Velero server + items: + description: PluginInfo contains attributes of a Velero plugin + properties: + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + nullable: true + type: array + processedTimestamp: + description: |- + ProcessedTimestamp is when the ServerStatusRequest was processed + by the ServerStatusRequestController. + format: date-time + nullable: true + type: string + serverVersion: + description: ServerVersion is the Velero server version. + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" @@ -3433,93 +3308,87 @@ spec: listKind: VolumeSnapshotLocationList plural: volumesnapshotlocations shortNames: - - vsl + - vsl singular: volumesnapshotlocation scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: - VolumeSnapshotLocation is a location where Velero stores volume - snapshots. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: - VolumeSnapshotLocationSpec defines the specification for - a Velero VolumeSnapshotLocation. - properties: - config: - additionalProperties: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeSnapshotLocation is a location where Velero stores volume + snapshots. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: VolumeSnapshotLocationSpec defines the specification for + a Velero VolumeSnapshotLocation. + properties: + config: + additionalProperties: + type: string + description: Config is for provider-specific configuration fields. + type: object + credential: + description: Credential contains the credential information intended + to be used with this location + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. type: string - description: Config is for provider-specific configuration fields. - type: object - credential: - description: - Credential contains the credential information intended - to be used with this location - properties: - key: - description: - The key of the secret to select from. Must be a - valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - provider: - description: Provider is the provider of the volume storage. - type: string - required: - - provider - type: object - status: - description: - VolumeSnapshotLocationStatus describes the current status - of a Velero VolumeSnapshotLocation. - properties: - phase: - description: - VolumeSnapshotLocationPhase is the lifecycle phase of - a Velero VolumeSnapshotLocation. - enum: - - Available - - Unavailable - type: string - type: object - type: object - served: true - storage: true + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + provider: + description: Provider is the provider of the volume storage. + type: string + required: + - provider + type: object + status: + description: VolumeSnapshotLocationStatus describes the current status + of a Velero VolumeSnapshotLocation. + properties: + phase: + description: VolumeSnapshotLocationPhase is the lifecycle phase of + a Velero VolumeSnapshotLocation. + enum: + - Available + - Unavailable + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] - storedVersions: [] + storedVersions: [] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml index 573edbe24..5f8217b2a 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-deployment.yaml @@ -25,12 +25,12 @@ metadata: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility rules: - - apiGroups: - - "*" - resources: - - "*" - verbs: - - "*" +- apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -125,7 +125,7 @@ spec: args: - server - --uploader-type=restic - resources: + resources: requests: cpu: 500m memory: 128Mi @@ -159,13 +159,13 @@ spec: - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: image: volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins volumes: - name: cloud-credentials secret: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml index 49eecc8a7..0772314bf 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-secret.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/instance: application-mobility type: Opaque stringData: - cloud: | + cloud: | [] aws_access_key_id= aws_secret_access_key= diff --git a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml index b8fd89588..e66d5127b 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.1.0/velero-volumesnapshotlocation.yaml @@ -10,5 +10,5 @@ metadata: spec: provider: - config: - region: + config: + region: diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml index 1593739e0..ffc9f5f1f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/cert-manager.yaml @@ -77,8 +77,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -156,17 +155,10 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -262,8 +254,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -299,8 +291,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -380,8 +371,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -406,8 +396,7 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -425,9 +414,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -625,10 +614,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -652,22 +641,14 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -716,14 +697,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -789,10 +770,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -833,10 +814,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -878,14 +859,15 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -916,8 +898,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: -cert-manager securityContext: @@ -927,18 +909,19 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -976,15 +959,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -1006,11 +989,12 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1078,14 +1062,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1117,4 +1101,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml index 6592680d4..1ac00049c 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/deployment.yaml @@ -18,50 +18,50 @@ spec: app: proxy-server spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: storage-volume - mountPath: /etc/karavi-authorization/storage - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: storage-volume - secret: - secretName: karavi-storage-secret + mountPath: /etc/karavi-authorization/storage - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,9 +251,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis apiVersion: apps/v1 @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml index 507372537..eba2e6c84 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/local-provisioner.yaml @@ -14,8 +14,8 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: - path: /csm-authorization/redis + path: /csm-authorization/redis \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml index e26676c99..bd6feeab0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.0/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,24 +640,25 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None + diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml index 1593739e0..ffc9f5f1f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml @@ -77,8 +77,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -156,17 +155,10 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -262,8 +254,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -299,8 +291,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -380,8 +371,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -406,8 +396,7 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -425,9 +414,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -625,10 +614,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -652,22 +641,14 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -716,14 +697,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -789,10 +770,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -833,10 +814,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -878,14 +859,15 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -916,8 +898,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: -cert-manager securityContext: @@ -927,18 +909,19 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -976,15 +959,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -1006,11 +989,12 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1078,14 +1062,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1117,4 +1101,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml index 6592680d4..1ac00049c 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml @@ -18,50 +18,50 @@ spec: app: proxy-server spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: storage-volume - mountPath: /etc/karavi-authorization/storage - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: storage-volume - secret: - secretName: karavi-storage-secret + mountPath: /etc/karavi-authorization/storage - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,9 +251,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis apiVersion: apps/v1 @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml index 507372537..eba2e6c84 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml @@ -14,8 +14,8 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: - path: /csm-authorization/redis + path: /csm-authorization/redis \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml index e26676c99..bd6feeab0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,24 +640,25 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None + diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml index 1593739e0..ffc9f5f1f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/cert-manager.yaml @@ -77,8 +77,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -156,17 +155,10 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -262,8 +254,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -299,8 +291,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -380,8 +371,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -406,8 +396,7 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -425,9 +414,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -625,10 +614,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -652,22 +641,14 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -716,14 +697,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -789,10 +770,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -833,10 +814,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -878,14 +859,15 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -916,8 +898,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: -cert-manager securityContext: @@ -927,18 +909,19 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -976,15 +959,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -1006,11 +989,12 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1078,14 +1062,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1117,4 +1101,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml index 6592680d4..1ac00049c 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/deployment.yaml @@ -18,50 +18,50 @@ spec: app: proxy-server spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: storage-volume - mountPath: /etc/karavi-authorization/storage - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: storage-volume - secret: - secretName: karavi-storage-secret + mountPath: /etc/karavi-authorization/storage - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,9 +251,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis apiVersion: apps/v1 @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml index 507372537..eba2e6c84 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/local-provisioner.yaml @@ -14,8 +14,8 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: - path: /csm-authorization/redis + path: /csm-authorization/redis \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml index e26676c99..e32eacae4 100644 --- a/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.11.0/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,24 +640,25 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None + diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml index 1593739e0..ffc9f5f1f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/cert-manager.yaml @@ -77,8 +77,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -156,17 +155,10 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -262,8 +254,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -299,8 +291,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -380,8 +371,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -406,8 +396,7 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -425,9 +414,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -625,10 +614,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -652,22 +641,14 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -716,14 +697,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -789,10 +770,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -833,10 +814,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -878,14 +859,15 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -916,8 +898,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: -cert-manager securityContext: @@ -927,18 +909,19 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -976,15 +959,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -1006,11 +989,12 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1078,14 +1062,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1117,4 +1101,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml index 37bacf2ee..741534e31 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/deployment.yaml @@ -18,50 +18,50 @@ spec: csm: spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: storage-volume - mountPath: /etc/karavi-authorization/storage - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: storage-volume - secret: - secretName: karavi-storage-secret + mountPath: /etc/karavi-authorization/storage - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: csm: spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,12 +251,12 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis -apiVersion: apps/v1 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-primary @@ -279,19 +279,19 @@ spec: tier: backend spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: tier: backend spec: containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml index e26676c99..bd6feeab0 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.0/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,24 +640,25 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None + diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml index 1593739e0..ffc9f5f1f 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml @@ -77,8 +77,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -156,17 +155,10 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -262,8 +254,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -299,8 +291,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -380,8 +371,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -406,8 +396,7 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -425,9 +414,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -625,10 +614,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -652,22 +641,14 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -716,14 +697,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -789,10 +770,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -833,10 +814,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -878,14 +859,15 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -916,8 +898,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: -cert-manager securityContext: @@ -927,18 +909,19 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -976,15 +959,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -1006,11 +989,12 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1078,14 +1062,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1117,4 +1101,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml index d37e8fb1b..be6d2f4a4 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml @@ -18,50 +18,50 @@ spec: csm: spec: containers: - - name: proxy-server - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: storage-volume - mountPath: /etc/karavi-authorization/storage - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: storage-volume - secret: - secretName: karavi-storage-secret + mountPath: /etc/karavi-authorization/storage - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -72,10 +72,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -97,26 +97,26 @@ spec: csm: spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - args: - - "--redis-host=redis..svc.cluster.local:6379" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -127,9 +127,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -183,22 +183,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -209,9 +209,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -251,12 +251,12 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Redis -apiVersion: apps/v1 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-primary @@ -279,19 +279,19 @@ spec: csm: spec: containers: - - name: primary - image: - imagePullPolicy: IfNotPresent - args: ["--appendonly", "yes", "--appendfsync", "always"] - resources: - requests: - cpu: 100m - memory: 100Mi - ports: - - containerPort: 6379 - volumeMounts: - - name: redis-primary-volume - mountPath: /data + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data volumes: - name: redis-primary-volume persistentVolumeClaim: @@ -330,34 +330,34 @@ spec: csm: spec: containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: - name: redis-commander - image: - imagePullPolicy: IfNotPresent - env: - - name: REDIS_HOSTS - value: "rbac:redis..svc.cluster.local:6379" - - name: K8S_SIGTERM - value: "1" - ports: - - name: redis-commander - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -368,9 +368,9 @@ spec: selector: app: redis ports: - - protocol: TCP - port: 6379 - targetPort: 6379 + - protocol: TCP + port: 6379 + targetPort: 6379 --- apiVersion: v1 kind: Service @@ -381,9 +381,9 @@ spec: selector: app: redis-commander ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -427,9 +427,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -438,9 +438,9 @@ metadata: namespace: name: configmap-modifier rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -453,6 +453,6 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml index 5ab23a487..135f8afa5 100644 --- a/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: csm: spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,24 +640,25 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None + diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml index bf6a720d7..8c885df97 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/authorization-crds.yaml @@ -14,126 +14,125 @@ spec: singular: csmrole scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMRole is the Schema for the csmroles API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMRoleSpec defines the desired state of CSMRole - properties: - pool: - type: string - quota: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - systemID: - type: string - systemType: - type: string - type: object - status: - description: CSMRoleStatus defines the observed state of CSMRole - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMRole is the Schema for the csmroles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMRoleSpec defines the desired state of CSMRole + properties: + pool: + type: string + quota: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + systemID: + type: string + systemType: + type: string + type: object + status: + description: CSMRoleStatus defines the observed state of CSMRole + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -150,130 +149,129 @@ spec: singular: csmtenant scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMTenant is the Schema for the csmtenants API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMTenantSpec defines the desired state of CSMTenant - properties: - approveSdc: - type: boolean - revoke: - type: boolean - roles: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - volumePrefix: - maxLength: 3 - minLength: 1 - type: string - required: - - approveSdc - - revoke - type: object - status: - description: CSMTenantStatus defines the observed state of CSMTenant - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMTenant is the Schema for the csmtenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMTenantSpec defines the desired state of CSMTenant + properties: + approveSdc: + type: boolean + revoke: + type: boolean + roles: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + volumePrefix: + maxLength: 3 + minLength: 1 + type: string + required: + - approveSdc + - revoke + type: object + status: + description: CSMTenantStatus defines the observed state of CSMTenant + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -290,130 +288,128 @@ spec: singular: storage scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Storage is the Schema for the storages API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: StorageSpec defines the desired state of Storage - properties: - credentialPath: - type: string - credentialStore: - type: string - endpoint: - type: string - pollInterval: - type: string - skipCertificateValidation: - type: boolean - systemID: - type: string - type: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - required: - - skipCertificateValidation - type: object - status: - description: StorageStatus defines the observed state of Storage - properties: - conditions: - description: - 'Storage.status.conditions.type are: "Available", "NotAvailable", - and "UnKnown"' - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Storage is the Schema for the storages API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: StorageSpec defines the desired state of Storage + properties: + credentialPath: + type: string + credentialStore: + type: string + endpoint: + type: string + pollInterval: + type: string + skipCertificateValidation: + type: boolean + systemID: + type: string + type: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + required: + - skipCertificateValidation + type: object + status: + description: StorageStatus defines the observed state of Storage + properties: + conditions: + description: 'Storage.status.conditions.type are: "Available", "NotAvailable", + and "UnKnown"' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml index 1593739e0..ffc9f5f1f 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/cert-manager.yaml @@ -77,8 +77,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -156,17 +155,10 @@ metadata: app.kubernetes.io/version: "v1.6.1" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -262,8 +254,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -299,8 +291,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -380,8 +371,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -406,8 +396,7 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -425,9 +414,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -625,10 +614,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -652,22 +641,14 @@ rules: # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 - apiGroups: [""] resources: ["configmaps"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: [""] resources: ["configmaps"] verbs: ["create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -716,14 +697,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.6.1" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -789,10 +770,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -833,10 +814,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: 10250 + - name: https + port: 443 + protocol: TCP + targetPort: 10250 selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -878,14 +859,15 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/deployment.yaml apiVersion: apps/v1 @@ -916,8 +898,8 @@ spec: app.kubernetes.io/version: "v1.6.1" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: -cert-manager securityContext: @@ -927,18 +909,19 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system ports: - - containerPort: 9402 - protocol: TCP + - containerPort: 9402 + protocol: TCP env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-deployment.yaml apiVersion: apps/v1 @@ -976,15 +959,15 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc ports: - - name: https - protocol: TCP - containerPort: 10250 + - name: https + protocol: TCP + containerPort: 10250 livenessProbe: httpGet: path: /livez @@ -1006,11 +989,12 @@ spec: successThreshold: 1 failureThreshold: 3 env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: {} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} --- # Source: cert-manager/templates/webhook-mutating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -1078,14 +1062,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1117,4 +1101,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml index b8011a97e..fd073a1cd 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/deployment.yaml @@ -60,54 +60,54 @@ spec: spec: serviceAccountName: proxy-server containers: - - name: proxy-server - image: - imagePullPolicy: Always - env: - - name: SENTINELS - value: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - args: - - "--redis-sentinel=$(SENTINELS)" - - "--redis-password=$(REDIS_PASSWORD)" - - "--tenant-service=tenant-service..svc.cluster.local:50051" - - "--role-service=role-service..svc.cluster.local:50051" - - "--storage-service=storage-service..svc.cluster.local:50051" - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - - name: opa - image: - imagePullPolicy: IfNotPresent - args: - - "run" - - "--ignore=." - - "--server" - - "--log-level=debug" - ports: - - name: http - containerPort: 8181 - - name: kube-mgmt - image: - imagePullPolicy: IfNotPresent - args: - - "--policies=" - - "--enable-data" - volumes: + - name: proxy-server + image: + imagePullPolicy: Always + env: + - name: SENTINELS + value: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - "--redis-sentinel=$(SENTINELS)" + - "--redis-password=$(REDIS_PASSWORD)" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -118,10 +118,10 @@ spec: selector: app: proxy-server ports: - - name: http - protocol: TCP - port: 8080 - targetPort: 8080 + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 --- # Tenant Service apiVersion: apps/v1 @@ -143,35 +143,35 @@ spec: app: tenant-service spec: containers: - - name: tenant-service - image: - imagePullPolicy: Always - env: - - name: SENTINELS - value: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - args: - - "--redis-sentinel=$(SENTINELS)" - - "--redis-password=$(REDIS_PASSWORD)" - ports: - - containerPort: 50051 - name: grpc - volumeMounts: - - name: config-volume - mountPath: /etc/karavi-authorization/config - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: tenant-service + image: + imagePullPolicy: Always + env: + - name: SENTINELS + value: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - "--redis-sentinel=$(SENTINELS)" + - "--redis-password=$(REDIS_PASSWORD)" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: - name: config-volume - secret: - secretName: karavi-config-secret + mountPath: /etc/karavi-authorization/config - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -182,9 +182,9 @@ spec: selector: app: tenant-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Role Service apiVersion: v1 @@ -238,22 +238,22 @@ spec: spec: serviceAccountName: role-service containers: - - name: role-service - image: - imagePullPolicy: Always - ports: - - containerPort: 50051 - name: grpc - env: - - name: NAMESPACE - value: - volumeMounts: - - name: csm-config-params - mountPath: /etc/karavi-authorization/csm-config-params - volumes: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: - name: csm-config-params - configMap: - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params --- apiVersion: v1 kind: Service @@ -264,9 +264,9 @@ spec: selector: app: role-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- # Storage service apiVersion: v1 @@ -282,7 +282,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets", "events"] - verbs: ["get", "patch", "post", create] + verbs: ["get", "patch","post", create] - apiGroups: ["csm-authorization.storage.dell.com"] resources: ["storages", "csmtenants", "csmroles"] verbs: ["get", "list"] @@ -326,9 +326,9 @@ spec: selector: app: storage-service ports: - - port: 50051 - targetPort: 50051 - name: grpc + - port: 50051 + targetPort: 50051 + name: grpc --- apiVersion: cert-manager.io/v1 kind: Issuer @@ -446,23 +446,23 @@ spec: spec: serviceAccountName: authorization-controller containers: - - name: authorization-controller - image: - imagePullPolicy: Always - args: - - "--authorization-namespace=" - - "--health-probe-bind-address=:8081" - - "--leader-elect=" - - "--tenant-service-address=tenant-service..svc.cluster.local:50051" - - "--storage-service-address=storage-service..svc.cluster.local:50051" - - "--role-service-address=role-service..svc.cluster.local:50051" - - "--controller-reconcile-interval=" - env: - - name: NAMESPACE - value: - ports: - - containerPort: 50052 - name: grpc + - name: authorization-controller + image: + imagePullPolicy: Always + args: + - "--authorization-namespace=" + - "--health-probe-bind-address=:8081" + - "--leader-elect=" + - "--tenant-service-address=tenant-service..svc.cluster.local:50051" + - "--storage-service-address=storage-service..svc.cluster.local:50051" + - "--role-service-address=role-service..svc.cluster.local:50051" + - "--controller-reconcile-interval=" + env: + - name: NAMESPACE + value: + ports: + - containerPort: 50052 + name: grpc --- apiVersion: v1 kind: Service @@ -473,9 +473,9 @@ spec: selector: app: authorization-controller ports: - - port: 50052 - targetPort: 50052 - name: grpc + - port: 50052 + targetPort: 50052 + name: grpc --- # Redis apiVersion: v1 @@ -489,10 +489,10 @@ spec: selector: app: ports: - - protocol: TCP - port: 6379 - targetPort: 6379 - name: + - protocol: TCP + port: 6379 + targetPort: 6379 + name: --- apiVersion: apps/v1 kind: StatefulSet @@ -512,70 +512,70 @@ spec: app: spec: initContainers: - - name: config - image: - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password + - name: config + image: + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password - command: ["sh", "-c"] - args: - - | - cp /csm-auth-redis-cm/redis.conf /etc/redis/redis.conf + command: [ "sh", "-c" ] + args: + - | + cp /csm-auth-redis-cm/redis.conf /etc/redis/redis.conf - echo "masterauth $REDIS_PASSWORD" >> /etc/redis/redis.conf - echo "requirepass $REDIS_PASSWORD" >> /etc/redis/redis.conf + echo "masterauth $REDIS_PASSWORD" >> /etc/redis/redis.conf + echo "requirepass $REDIS_PASSWORD" >> /etc/redis/redis.conf - echo "Finding master..." - MASTER_FDQN=`hostname -f | sed -e 's/redis-csm-[0-9]\./redis-csm-0./'` - echo "Master at " $MASTER_FQDN - if [ "$(redis-cli -h sentinel -p 5000 ping)" != "PONG" ]; then - echo "No sentinel found." + echo "Finding master..." + MASTER_FDQN=`hostname -f | sed -e 's/redis-csm-[0-9]\./redis-csm-0./'` + echo "Master at " $MASTER_FQDN + if [ "$(redis-cli -h sentinel -p 5000 ping)" != "PONG" ]; then + echo "No sentinel found." - if [ "$(hostname)" = "redis-csm-0" ]; then - echo "This is redis master, not updating config..." - else - echo "This is redis slave, updating redis.conf..." - echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf - fi + if [ "$(hostname)" = "redis-csm-0" ]; then + echo "This is redis master, not updating config..." else - echo "Sentinel found, finding master" - MASTER="$(redis-cli -h sentinel -p 5000 sentinel get-master-addr-by-name mymaster | grep -E '(^redis-csm-\d{1,})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})')" + echo "This is redis slave, updating redis.conf..." echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf fi - volumeMounts: - - name: redis-primary-volume - mountPath: /data - - name: configmap - mountPath: /csm-auth-redis-cm/ - - name: config - mountPath: /etc/redis/ - containers: - - name: - image: - command: ["redis-server"] - args: ["/etc/redis/redis.conf"] - ports: - - containerPort: 6379 - name: - volumeMounts: - - name: redis-primary-volume - mountPath: /data - - name: configmap - mountPath: /csm-auth-redis-cm/ - - name: config - mountPath: /etc/redis/ - volumes: + else + echo "Sentinel found, finding master" + MASTER="$(redis-cli -h sentinel -p 5000 sentinel get-master-addr-by-name mymaster | grep -E '(^redis-csm-\d{1,})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})')" + echo "replicaof $MASTER_FDQN 6379" >> /etc/redis/redis.conf + fi + volumeMounts: - name: redis-primary-volume - emptyDir: {} + mountPath: /data + - name: configmap + mountPath: /csm-auth-redis-cm/ - name: config - emptyDir: {} + mountPath: /etc/redis/ + containers: + - name: + image: + command: [ "redis-server" ] + args: [ "/etc/redis/redis.conf" ] + ports: + - containerPort: 6379 + name: + volumeMounts: + - name: redis-primary-volume + mountPath: /data - name: configmap - configMap: - name: redis-csm-cm + mountPath: /csm-auth-redis-cm/ + - name: config + mountPath: /etc/redis/ + volumes: + - name: redis-primary-volume + emptyDir: {} + - name: config + emptyDir: {} + - name: configmap + configMap: + name: redis-csm-cm --- apiVersion: apps/v1 kind: Deployment @@ -595,54 +595,54 @@ spec: tier: backend spec: containers: + - name: + image: + imagePullPolicy: IfNotPresent + env: + - name: SENTINELS + value: + - name: K8S_SIGTERM + value: "1" + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: SENTINEL_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: HTTP_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + - name: HTTP_USER + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: commander_user + ports: - name: - image: - imagePullPolicy: IfNotPresent - env: - - name: SENTINELS - value: - - name: K8S_SIGTERM - value: "1" - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - - name: SENTINEL_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - - name: HTTP_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - - name: HTTP_USER - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: commander_user - ports: - - name: - containerPort: 8081 - livenessProbe: - httpGet: - path: /favicon.png - port: 8081 - initialDelaySeconds: 10 - timeoutSeconds: 5 - resources: - limits: - cpu: "500m" - memory: "512M" - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL --- apiVersion: v1 kind: Service @@ -653,9 +653,9 @@ spec: selector: app: ports: - - protocol: TCP - port: 8081 - targetPort: 8081 + - protocol: TCP + port: 8081 + targetPort: 8081 --- # Sentinel apiVersion: apps/v1 @@ -676,93 +676,93 @@ spec: app: spec: initContainers: - - name: config - image: - command: ["sh", "-c"] - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: redis-csm-secret - key: password - args: - - | - replicas=$( expr $(()) - 1) - for i in $(seq 0 $replicas) - do - node=$( echo "-$i." ) - nodes=$( echo "$nodes*$node" ) - done - loop=$(echo $nodes | sed -e "s/"*"/\n/g") + - name: config + image: + command: [ "sh", "-c" ] + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-csm-secret + key: password + args: + - | + replicas=$( expr $(()) - 1) + for i in $(seq 0 $replicas) + do + node=$( echo "-$i." ) + nodes=$( echo "$nodes*$node" ) + done + loop=$(echo $nodes | sed -e "s/"*"/\n/g") - foundMaster=false + foundMaster=false - while [ "$foundMaster" = "false" ] + while [ "$foundMaster" = "false" ] + do + for i in $loop do - for i in $loop - do - echo "Finding master at $i" - ROLE=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep role | cut -d ":" -f2) - if [ "$ROLE" = "master" ]; then - MASTER=$i.authorization.svc.cluster.local + echo "Finding master at $i" + ROLE=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep role | cut -d ":" -f2) + if [ "$ROLE" = "master" ]; then + MASTER=$i.authorization.svc.cluster.local + echo "Master found at $MASTER..." + foundMaster=true + break + else + MASTER=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep master_host: | cut -d ":" -f2) + if [ "$MASTER" = "" ]; then + echo "Master not found..." + echo "Waiting 5 seconds for redis pods to come up..." + sleep 5 + MASTER= + else echo "Master found at $MASTER..." foundMaster=true break - else - MASTER=$(redis-cli --no-auth-warning --raw -h $i -a $REDIS_PASSWORD info replication | awk '{print $1}' | grep master_host: | cut -d ":" -f2) - if [ "$MASTER" = "" ]; then - echo "Master not found..." - echo "Waiting 5 seconds for redis pods to come up..." - sleep 5 - MASTER= - else - echo "Master found at $MASTER..." - foundMaster=true - break - fi fi - done - - if [ "$foundMaster" = "true" ]; then - break - else - echo "Master not found, wait for 30s before attempting again" - sleep 30 - fi + fi done - echo "sentinel monitor mymaster $MASTER 6379 2" >> /tmp/master - echo "port 5000 - sentinel resolve-hostnames yes - sentinel announce-hostnames yes - $(cat /tmp/master) - sentinel down-after-milliseconds mymaster 5000 - sentinel failover-timeout mymaster 60000 - sentinel parallel-syncs mymaster 2 - sentinel auth-pass mymaster $REDIS_PASSWORD - " > /etc/redis/sentinel.conf - cat /etc/redis/sentinel.conf - volumeMounts: - - name: redis-config - mountPath: /etc/redis/ + if [ "$foundMaster" = "true" ]; then + break + else + echo "Master not found, wait for 30s before attempting again" + sleep 30 + fi + done + + echo "sentinel monitor mymaster $MASTER 6379 2" >> /tmp/master + echo "port 5000 + sentinel resolve-hostnames yes + sentinel announce-hostnames yes + $(cat /tmp/master) + sentinel down-after-milliseconds mymaster 5000 + sentinel failover-timeout mymaster 60000 + sentinel parallel-syncs mymaster 2 + sentinel auth-pass mymaster $REDIS_PASSWORD + " > /etc/redis/sentinel.conf + cat /etc/redis/sentinel.conf + volumeMounts: + - name: redis-config + mountPath: /etc/redis/ containers: - - name: - image: - command: ["redis-sentinel"] - args: ["/etc/redis/sentinel.conf"] - ports: - - containerPort: 5000 - name: - volumeMounts: - - name: redis-config - mountPath: /etc/redis/ - - name: data - mountPath: /data - volumes: + - name: + image: + command: ["redis-sentinel"] + args: ["/etc/redis/sentinel.conf"] + ports: + - containerPort: 5000 + name: + volumeMounts: - name: redis-config - emptyDir: {} + mountPath: /etc/redis/ - name: data - emptyDir: {} + mountPath: /data + volumes: + - name: redis-config + emptyDir: {} + - name: data + emptyDir : {} --- apiVersion: v1 kind: Service @@ -772,9 +772,9 @@ metadata: spec: clusterIP: None ports: - - port: 5000 - targetPort: 5000 - name: + - port: 5000 + targetPort: 5000 + name: selector: app: --- @@ -786,9 +786,9 @@ metadata: spec: type: NodePort ports: - - port: 5000 - targetPort: 5000 - name: -svc + - port: 5000 + targetPort: 5000 + name: -svc selector: app: --- @@ -834,9 +834,9 @@ roleRef: name: view apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- # Define role for OPA/kube-mgmt to update configmaps with policy status. apiVersion: rbac.authorization.k8s.io/v1 @@ -845,9 +845,9 @@ metadata: namespace: name: configmap-modifier rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["update", "patch"] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] --- # Grant OPA/kube-mgmt role defined above. apiVersion: rbac.authorization.k8s.io/v1 @@ -860,9 +860,9 @@ roleRef: name: configmap-modifier apiGroup: rbac.authorization.k8s.io subjects: - - kind: Group - name: system:serviceaccounts: - apiGroup: rbac.authorization.k8s.io +- kind: Group + name: system:serviceaccounts: + apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml index 507372537..ca7f530f3 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/local-provisioner.yaml @@ -14,7 +14,7 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Recycle storageClassName: csm-authorization-local-storage hostPath: diff --git a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml index e26676c99..fb221c7fc 100644 --- a/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml +++ b/operatorconfig/moduleconfig/authorization/v2.0.0-alpha/nginx-ingress-controller.yaml @@ -35,99 +35,99 @@ metadata: name: -ingress-nginx namespace: rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resourceNames: - - ingress-controller-leader - resources: - - configmaps - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-controller-leader - resources: - - leases - verbs: - - get - - update - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -141,13 +141,13 @@ metadata: name: -ingress-nginx-admission namespace: rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -159,84 +159,84 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - authorization - verbs: - - get +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -249,13 +249,13 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -273,9 +273,9 @@ roleRef: kind: Role name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -293,9 +293,9 @@ roleRef: kind: Role name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -311,9 +311,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx subjects: - - kind: ServiceAccount - name: -ingress-nginx - namespace: +- kind: ServiceAccount + name: -ingress-nginx + namespace: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -330,9 +330,9 @@ roleRef: kind: ClusterRole name: -ingress-nginx-admission subjects: - - kind: ServiceAccount - name: -ingress-nginx-admission - namespace: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: --- apiVersion: v1 data: @@ -362,19 +362,19 @@ metadata: spec: externalTrafficPolicy: Cluster ipFamilies: - - IPv4 + - IPv4 ipFamilyPolicy: SingleStack ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -394,10 +394,10 @@ metadata: namespace: spec: ports: - - appProtocol: https - name: https-webhook - port: 443 - targetPort: webhook + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook selector: app.kubernetes.io/component: controller app.kubernetes.io/instance: @@ -432,91 +432,91 @@ spec: app.kubernetes.io/name: ingress-nginx spec: containers: - - args: - - /nginx-ingress-controller - - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller - - --election-id=ingress-controller-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --v=3 - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD - value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - runAsUser: 101 - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux serviceAccountName: -ingress-nginx terminationGracePeriodSeconds: 300 volumes: - - name: webhook-cert - secret: - secretName: -ingress-nginx-admission + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission --- apiVersion: batch/v1 kind: Job @@ -542,21 +542,21 @@ spec: name: -ingress-nginx-admission-create spec: containers: - - args: - - create - - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - - --namespace=$(POD_NAMESPACE) - - --secret-name=-ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -590,23 +590,23 @@ spec: name: -ingress-nginx-admission-patch spec: containers: - - args: - - patch - - --webhook-name=-ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=-ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure @@ -640,24 +640,24 @@ metadata: app.kubernetes.io/version: 1.1.3 name: -ingress-nginx-admission webhooks: - - admissionReviewVersions: - - v1 - clientConfig: - service: - name: -ingress-nginx-controller-admission - namespace: - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/operatorconfig/moduleconfig/common/cert-manager.yaml b/operatorconfig/moduleconfig/common/cert-manager.yaml index dc9cafd25..266595462 100644 --- a/operatorconfig/moduleconfig/common/cert-manager.yaml +++ b/operatorconfig/moduleconfig/common/cert-manager.yaml @@ -77,8 +77,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -153,17 +152,10 @@ metadata: app.kubernetes.io/version: "v1.11.0" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -259,8 +251,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["networking.x-k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -296,8 +288,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -380,8 +371,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -406,8 +396,7 @@ rules: verbs: ["update"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -425,9 +414,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -625,10 +614,10 @@ roleRef: kind: ClusterRole name: -cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -651,11 +640,7 @@ rules: # see cmd/cainjector/start.go#L137 - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -695,14 +680,14 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["cert-manager-webhook-ca"] - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -768,10 +753,10 @@ roleRef: kind: Role name: -cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: -cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -788,10 +773,10 @@ metadata: spec: type: ClusterIP ports: - - protocol: TCP - port: 9402 - name: tcp-prometheus-servicemonitor - targetPort: 9402 + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 selector: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: @@ -812,10 +797,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: "https" + - name: https + port: 443 + protocol: TCP + targetPort: "https" selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: @@ -860,18 +845,18 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL nodeSelector: kubernetes.io/os: linux --- @@ -905,8 +890,8 @@ spec: app.kubernetes.io/version: "v1.11.0" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: -cert-manager securityContext: @@ -918,25 +903,25 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 - - --max-concurrent-challenges=60 + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 + - --max-concurrent-challenges=60 ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP + - containerPort: 9402 + name: http-metrics + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -979,21 +964,21 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=-cert-manager-webhook - - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE).svc - + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook + - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE) + - --dynamic-serving-dns-names=-cert-manager-webhook.$(POD_NAMESPACE).svc + ports: - - name: https - protocol: TCP - containerPort: 10250 - - name: healthcheck - protocol: TCP - containerPort: 6080 + - name: https + protocol: TCP + containerPort: 10250 + - name: healthcheck + protocol: TCP + containerPort: 6080 livenessProbe: httpGet: path: /livez @@ -1018,12 +1003,12 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -1085,14 +1070,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" @@ -1116,4 +1101,4 @@ webhooks: service: name: -cert-manager-webhook namespace: "" - path: /validate + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml b/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml index 239d878d9..b269d3477 100644 --- a/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml +++ b/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml @@ -23,9 +23,9 @@ kind: CustomResourceDefinition metadata: name: clusterissuers.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -62,10 +62,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -101,7 +101,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." + description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' type: string enum: - HS256 @@ -120,7 +120,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -136,16 +136,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." + description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' type: boolean solvers: - description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" + description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -172,7 +172,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string host: type: string @@ -195,7 +195,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -207,7 +207,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -219,7 +219,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string serviceConsumerDomain: type: string @@ -243,7 +243,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -296,14 +296,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' type: object required: - name @@ -312,7 +312,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -324,7 +324,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string email: description: Email of the account, only required when using API key based authentication. @@ -351,7 +351,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -363,7 +363,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -378,7 +378,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -387,10 +387,10 @@ spec: - region properties: accessKeyID: - description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string accessKeyIDSecretRef: - description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -399,7 +399,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -411,7 +411,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -420,7 +420,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -452,7 +452,7 @@ spec: additionalProperties: type: string parentRefs: - description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" + description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -1022,7 +1022,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object additionalProperties: type: string @@ -1141,7 +1141,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -1166,7 +1166,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -1178,7 +1178,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -1194,7 +1194,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -1227,7 +1227,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -1250,7 +1250,7 @@ spec: - name properties: name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -1318,9 +1318,9 @@ kind: CustomResourceDefinition metadata: name: challenges.acme.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -1360,10 +1360,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1401,7 +1401,7 @@ spec: description: Name of the resource being referred to. type: string key: - description: "The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content." + description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content.' type: string solver: description: Contains the domain solving configuration that should be used to solve this challenge resource. @@ -1428,7 +1428,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string host: type: string @@ -1451,7 +1451,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1463,7 +1463,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1475,7 +1475,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string serviceConsumerDomain: type: string @@ -1499,7 +1499,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -1552,14 +1552,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' type: object required: - name @@ -1568,7 +1568,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -1580,7 +1580,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string email: description: Email of the account, only required when using API key based authentication. @@ -1607,7 +1607,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -1619,7 +1619,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -1634,7 +1634,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -1643,10 +1643,10 @@ spec: - region properties: accessKeyID: - description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string accessKeyIDSecretRef: - description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -1655,7 +1655,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -1667,7 +1667,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -1676,7 +1676,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -1708,7 +1708,7 @@ spec: additionalProperties: type: string parentRefs: - description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" + description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -2278,7 +2278,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object additionalProperties: type: string @@ -2382,9 +2382,9 @@ kind: CustomResourceDefinition metadata: name: certificaterequests.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2436,10 +2436,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2582,9 +2582,9 @@ kind: CustomResourceDefinition metadata: name: issuers.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2621,10 +2621,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2660,7 +2660,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." + description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' type: string enum: - HS256 @@ -2679,7 +2679,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -2695,16 +2695,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." + description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' type: boolean solvers: - description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" + description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -2731,7 +2731,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string host: type: string @@ -2754,7 +2754,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2766,7 +2766,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2778,7 +2778,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string serviceConsumerDomain: type: string @@ -2802,7 +2802,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -2855,14 +2855,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' type: object required: - name @@ -2871,7 +2871,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -2883,7 +2883,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string email: description: Email of the account, only required when using API key based authentication. @@ -2910,7 +2910,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -2922,7 +2922,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -2937,7 +2937,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -2946,10 +2946,10 @@ spec: - region properties: accessKeyID: - description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string accessKeyIDSecretRef: - description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -2958,7 +2958,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -2970,7 +2970,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -2979,7 +2979,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -3011,7 +3011,7 @@ spec: additionalProperties: type: string parentRefs: - description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" + description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -3581,7 +3581,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object additionalProperties: type: string @@ -3700,7 +3700,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -3725,7 +3725,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -3737,7 +3737,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -3753,7 +3753,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -3786,7 +3786,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -3809,7 +3809,7 @@ spec: - name properties: name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -3877,9 +3877,9 @@ kind: CustomResourceDefinition metadata: name: certificates.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -3926,10 +3926,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -3956,7 +3956,7 @@ spec: - DER - CombinedPEM commonName: - description: "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4" + description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' type: string dnsNames: description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate. @@ -4021,7 +4021,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string pkcs12: description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. @@ -4043,7 +4043,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string literalSubject: description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. @@ -4250,9 +4250,9 @@ kind: CustomResourceDefinition metadata: name: orders.acme.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -4295,10 +4295,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4504,8 +4504,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -4580,17 +4579,10 @@ metadata: app.kubernetes.io/version: "v1.11.0" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update", "patch"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -4686,8 +4678,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "gateway.networking.k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -4723,8 +4715,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -4807,8 +4798,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -4833,8 +4823,7 @@ rules: verbs: ["update", "patch"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4852,9 +4841,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -5052,10 +5041,10 @@ roleRef: kind: ClusterRole name: cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -5078,11 +5067,7 @@ rules: # see cmd/cainjector/start.go#L137 - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5122,15 +5107,15 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: - - "cert-manager-webhook-ca" - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: + - 'cert-manager-webhook-ca' + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -5196,10 +5181,10 @@ roleRef: kind: Role name: cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -5216,10 +5201,10 @@ metadata: spec: type: ClusterIP ports: - - protocol: TCP - port: 9402 - name: tcp-prometheus-servicemonitor - targetPort: 9402 + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 selector: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager @@ -5240,10 +5225,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: "https" + - name: https + port: 443 + protocol: TCP + targetPort: "https" selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager @@ -5288,18 +5273,18 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL nodeSelector: kubernetes.io/os: linux --- @@ -5333,8 +5318,8 @@ spec: app.kubernetes.io/version: "v1.11.0" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: cert-manager securityContext: @@ -5346,25 +5331,25 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 - - --max-concurrent-challenges=60 + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 + - --max-concurrent-challenges=60 ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP + - containerPort: 9402 + name: http-metrics + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5407,21 +5392,21 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=cert-manager-webhook + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc + ports: - - name: https - protocol: TCP - containerPort: 10250 - - name: healthcheck - protocol: TCP - containerPort: 6080 + - name: https + protocol: TCP + containerPort: 10250 + - name: healthcheck + protocol: TCP + containerPort: 6080 livenessProbe: httpGet: path: /livez @@ -5446,12 +5431,12 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5513,14 +5498,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - rules: - apiGroups: - "cert-manager.io" diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index 5a39b1616..116127650 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml @@ -2,76 +2,76 @@ powerscale: # List of Driver versions and modules that supports the version v2.9.0: - authorization: "v1.9.0" - replication: "v1.7.0" - observability: "v1.7.0" - resiliency: "v1.8.0" + authorization: "v1.9.0" + replication: "v1.7.0" + observability: "v1.7.0" + resiliency: "v1.8.0" v2.9.1: - authorization: "v1.9.1" - replication: "v1.7.1" - observability: "v1.7.0" - resiliency: "v1.8.1" + authorization: "v1.9.1" + replication: "v1.7.1" + observability: "v1.7.0" + resiliency: "v1.8.1" v2.10.0: - authorization: "v1.10.0" - replication: "v1.8.0" - observability: "v1.8.0" - resiliency: "v1.9.0" + authorization: "v1.10.0" + replication: "v1.8.0" + observability: "v1.8.0" + resiliency: "v1.9.0" v2.10.1: - authorization: "v1.10.1" - replication: "v1.8.1" - observability: "v1.8.1" - resiliency: "v1.9.1" + authorization: "v1.10.1" + replication: "v1.8.1" + observability: "v1.8.1" + resiliency: "v1.9.1" v2.11.0: - authorization: "v1.11.0" - replication: "v1.9.0" - observability: "v1.9.0" - resiliency: "v1.10.0" + authorization: "v1.11.0" + replication: "v1.9.0" + observability: "v1.9.0" + resiliency: "v1.10.0" powerflex: # List of Driver versions and modules that supports the version v2.9.0: - authorization: "v1.9.0" - observability: "v1.7.0" - replication: "v1.7.0" - resiliency: "v1.8.0" + authorization: "v1.9.0" + observability: "v1.7.0" + replication: "v1.7.0" + resiliency: "v1.8.0" v2.9.1: - authorization: "v1.9.1" - observability: "v1.7.0" - replication: "v1.7.1" - resiliency: "v1.8.1" + authorization: "v1.9.1" + observability: "v1.7.0" + replication: "v1.7.1" + resiliency: "v1.8.1" v2.9.2: - authorization: "v1.9.1" - observability: "v1.7.0" - replication: "v1.7.1" - resiliency: "v1.8.1" + authorization: "v1.9.1" + observability: "v1.7.0" + replication: "v1.7.1" + resiliency: "v1.8.1" v2.10.0: - authorization: "v1.10.0" - observability: "v1.8.0" - replication: "v1.8.0" - resiliency: "v1.9.0" + authorization: "v1.10.0" + observability: "v1.8.0" + replication: "v1.8.0" + resiliency: "v1.9.0" v2.10.1: - authorization: "v1.10.1" - observability: "v1.8.1" - replication: "v1.8.1" - resiliency: "v1.9.1" + authorization: "v1.10.1" + observability: "v1.8.1" + replication: "v1.8.1" + resiliency: "v1.9.1" v2.11.0: - authorization: "v1.11.0" - observability: "v1.9.0" - replication: "v1.9.0" - resiliency: "v1.10.0" + authorization: "v1.11.0" + observability: "v1.9.0" + replication: "v1.9.0" + resiliency: "v1.10.0" powerstore: # List of Driver versions and modules that supports the version v2.9.0: - resiliency: "v1.8.0" + resiliency: "v1.8.0" v2.9.1: - resiliency: "v1.8.1" + resiliency: "v1.8.1" v2.10.0: - resiliency: "v1.9.0" + resiliency: "v1.9.0" v2.10.1: - resiliency: "v1.9.1" + resiliency: "v1.9.1" v2.11.0: - resiliency: "v1.10.0" + resiliency: "v1.10.0" v2.11.1: - resiliency: "v1.10.0" + resiliency: "v1.10.0" powermax: # List of Driver versions and modules that supports the version v2.9.0: diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml index a24744f0e..9f5623e75 100644 --- a/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml +++ b/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/container.yaml @@ -18,4 +18,4 @@ volumeMounts: - name: tls-secret mountPath: /app/tls - name: cert-dir - mountPath: /app/certs + mountPath: /app/certs \ No newline at end of file diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml index 6847be5e5..03a3ff3f2 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/custom-cert.yaml @@ -11,6 +11,7 @@ data: tls.key: --- + apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -21,6 +22,7 @@ spec: secretName: -secret --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -32,7 +34,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -42,8 +44,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml index f77a3df27..1586047b4 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -54,13 +56,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml: | + karavi-metrics-powerflex.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml index 4c3ce6e1d..c691412b3 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -23,6 +24,7 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,13 +58,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml: | + karavi-metrics-powermax.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -136,7 +141,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: {} + emptyDir: { } - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml index e9dabdfe4..408cd3d32 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -35,6 +37,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -54,13 +57,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml: | + karavi-metrics-powerscale.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -76,6 +80,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -86,6 +91,7 @@ data: CSI_LOG_LEVEL: debug --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -149,3 +155,4 @@ spec: name: -config-params restartPolicy: Always status: {} + diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml index 0ea0cc14b..57a79e6a3 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,6 +31,7 @@ metadata: namespace: karavi --- + apiVersion: v1 data: nginx.conf: |- @@ -38,9 +39,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -67,6 +68,7 @@ metadata: namespace: karavi --- + apiVersion: v1 kind: Service metadata: @@ -89,6 +91,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml index 67813d8c2..375ba4c4c 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml @@ -13,6 +13,7 @@ data: ZIPKIN_PROBABILITY: 0.0 --- + apiVersion: v1 kind: ServiceAccount metadata: @@ -20,6 +21,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -30,6 +32,7 @@ rules: verbs: ["list"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -44,6 +47,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -63,6 +67,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml index c72a1d50a..9aa62cf3c 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/selfsigned-cert.yaml @@ -7,6 +7,7 @@ spec: selfSigned: {} --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -18,7 +19,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -28,8 +29,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml index 6847be5e5..03a3ff3f2 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/custom-cert.yaml @@ -11,6 +11,7 @@ data: tls.key: --- + apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -21,6 +22,7 @@ spec: secretName: -secret --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -32,7 +34,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -42,8 +44,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml index f77a3df27..1586047b4 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerflex.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -54,13 +56,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml: | + karavi-metrics-powerflex.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml index 4c3ce6e1d..c691412b3 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powermax.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -23,6 +24,7 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,13 +58,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml: | + karavi-metrics-powermax.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -136,7 +141,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: {} + emptyDir: { } - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml index e9dabdfe4..408cd3d32 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-metrics-powerscale.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -35,6 +37,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -54,13 +57,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml: | + karavi-metrics-powerscale.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -76,6 +80,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -86,6 +91,7 @@ data: CSI_LOG_LEVEL: debug --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -149,3 +155,4 @@ spec: name: -config-params restartPolicy: Always status: {} + diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml index 0ea0cc14b..57a79e6a3 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,6 +31,7 @@ metadata: namespace: karavi --- + apiVersion: v1 data: nginx.conf: |- @@ -38,9 +39,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -67,6 +68,7 @@ metadata: namespace: karavi --- + apiVersion: v1 kind: Service metadata: @@ -89,6 +91,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml index 67813d8c2..375ba4c4c 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/karavi-topology.yaml @@ -13,6 +13,7 @@ data: ZIPKIN_PROBABILITY: 0.0 --- + apiVersion: v1 kind: ServiceAccount metadata: @@ -20,6 +21,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -30,6 +32,7 @@ rules: verbs: ["list"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -44,6 +47,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -63,6 +67,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml index c72a1d50a..9aa62cf3c 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.0/selfsigned-cert.yaml @@ -7,6 +7,7 @@ spec: selfSigned: {} --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -18,7 +19,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -28,8 +29,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml index 6847be5e5..03a3ff3f2 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml @@ -11,6 +11,7 @@ data: tls.key: --- + apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -21,6 +22,7 @@ spec: secretName: -secret --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -32,7 +34,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -42,8 +44,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml index f77a3df27..1586047b4 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -54,13 +56,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml: | + karavi-metrics-powerflex.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml index 4c3ce6e1d..c691412b3 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -23,6 +24,7 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,13 +58,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml: | + karavi-metrics-powermax.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -136,7 +141,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: {} + emptyDir: { } - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml index e9dabdfe4..408cd3d32 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -35,6 +37,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -54,13 +57,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml: | + karavi-metrics-powerscale.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -76,6 +80,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -86,6 +91,7 @@ data: CSI_LOG_LEVEL: debug --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -149,3 +155,4 @@ spec: name: -config-params restartPolicy: Always status: {} + diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml index 0ea0cc14b..57a79e6a3 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,6 +31,7 @@ metadata: namespace: karavi --- + apiVersion: v1 data: nginx.conf: |- @@ -38,9 +39,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -67,6 +68,7 @@ metadata: namespace: karavi --- + apiVersion: v1 kind: Service metadata: @@ -89,6 +91,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml index 67813d8c2..375ba4c4c 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml @@ -13,6 +13,7 @@ data: ZIPKIN_PROBABILITY: 0.0 --- + apiVersion: v1 kind: ServiceAccount metadata: @@ -20,6 +21,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -30,6 +32,7 @@ rules: verbs: ["list"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -44,6 +47,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -63,6 +67,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml index c72a1d50a..9aa62cf3c 100644 --- a/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml @@ -7,6 +7,7 @@ spec: selfSigned: {} --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -18,7 +19,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -28,8 +29,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml index 6847be5e5..03a3ff3f2 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/custom-cert.yaml @@ -11,6 +11,7 @@ data: tls.key: --- + apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -21,6 +22,7 @@ spec: secretName: -secret --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -32,7 +34,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -42,8 +44,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: -issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml index f77a3df27..1586047b4 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerflex.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -54,13 +56,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerflex-configmap namespace: karavi data: - karavi-metrics-powerflex.yaml: | + karavi-metrics-powerflex.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-vxflexos.dellemc.com POWERFLEX_SDC_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml index 4c3ce6e1d..c691412b3 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powermax.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -23,6 +24,7 @@ rules: resources: ["secrets"] verbs: ["list", "watch", "get"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -56,13 +58,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powermax-configmap namespace: karavi data: - karavi-metrics-powermax.yaml: | + karavi-metrics-powermax.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-powermax.dellemc.com POWERMAX_CAPACITY_METRICS_ENABLED: @@ -74,6 +77,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -85,6 +89,7 @@ data: CSI_LOG_FORMAT: TEXT --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -136,7 +141,7 @@ spec: mountPath: /certs volumes: - name: certs - emptyDir: {} + emptyDir: { } - name: configMap: name: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml index e9dabdfe4..408cd3d32 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-metrics-powerscale.yaml @@ -5,6 +5,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -21,6 +22,7 @@ rules: verbs: ["*"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -35,6 +37,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -54,13 +57,14 @@ spec: app.kubernetes.io/instance: karavi --- + apiVersion: v1 kind: ConfigMap metadata: name: karavi-metrics-powerscale-configmap namespace: karavi data: - karavi-metrics-powerscale.yaml: | + karavi-metrics-powerscale.yaml : | COLLECTOR_ADDR: PROVISIONER_NAMES: csi-isilon.dellemc.com POWERSCALE_MAX_CONCURRENT_QUERIES: @@ -76,6 +80,7 @@ data: LOG_FORMAT: --- + apiVersion: v1 kind: ConfigMap metadata: @@ -86,6 +91,7 @@ data: CSI_LOG_LEVEL: debug --- + apiVersion: apps/v1 kind: Deployment metadata: @@ -149,3 +155,4 @@ spec: name: -config-params restartPolicy: Always status: {} + diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml index 0ea0cc14b..57a79e6a3 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-otel-collector.yaml @@ -9,15 +9,15 @@ data: tls: cert_file: /etc/ssl/certs/tls.crt key_file: /etc/ssl/certs/tls.key - + exporters: prometheus: endpoint: 0.0.0.0:8889 logging: - + extensions: health_check: {} - + service: extensions: [health_check] pipelines: @@ -31,6 +31,7 @@ metadata: namespace: karavi --- + apiVersion: v1 data: nginx.conf: |- @@ -38,9 +39,9 @@ data: events { worker_connections 1024; } - + pid /tmp/nginx.pid; - + http { include mime.types; default_type application/octet-stream; @@ -67,6 +68,7 @@ metadata: namespace: karavi --- + apiVersion: v1 kind: Service metadata: @@ -89,6 +91,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml index 67813d8c2..375ba4c4c 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/karavi-topology.yaml @@ -13,6 +13,7 @@ data: ZIPKIN_PROBABILITY: 0.0 --- + apiVersion: v1 kind: ServiceAccount metadata: @@ -20,6 +21,7 @@ metadata: namespace: karavi --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -30,6 +32,7 @@ rules: verbs: ["list"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -44,6 +47,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- + apiVersion: v1 kind: Service metadata: @@ -63,6 +67,7 @@ spec: app.kubernetes.io/instance: karavi-observability --- + apiVersion: apps/v1 kind: Deployment metadata: diff --git a/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml index c72a1d50a..9aa62cf3c 100644 --- a/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml +++ b/operatorconfig/moduleconfig/observability/v1.9.0/selfsigned-cert.yaml @@ -7,6 +7,7 @@ spec: selfSigned: {} --- + apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -18,7 +19,7 @@ spec: renewBefore: 360h # 15d subject: organizations: - - dell + - dell isCA: false privateKey: algorithm: RSA @@ -28,8 +29,8 @@ spec: - server auth - client auth dnsNames: - - - - .karavi.svc.kubernetes.local + - + - .karavi.svc.kubernetes.local issuerRef: name: selfsigned-issuer kind: Issuer diff --git a/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml index c45bb6d02..204b2ed6e 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.0/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: - - name: replication-secret +- name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml index 2168fcea9..33f4265af 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.0/replicationcrds.all.yaml @@ -13,78 +13,75 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: + type: string + migrationGroupAttributes: + additionalProperties: type: string - migrationGroupAttributes: - additionalProperties: - type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: - DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -100,128 +97,93 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: - DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: - type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: - type: string - type: object - remoteProtectionGroupId: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: type: string - requestParametersClass: + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: - DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: - description: LastAction - Stores the last updated action - properties: - condition: - description: - Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: - ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: - type: string - type: object - type: object - type: array - lastAction: + type: object + remoteProtectionGroupId: + type: string + requestParametersClass: + type: string + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: description: LastAction - Stores the last updated action properties: condition: - description: - Condition is the last known condition of the Custom + description: Condition is the last known condition of the Custom Resource type: string errorMessage: - description: - ErrorMessage is the last error message associated + description: ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -238,38 +200,61 @@ spec: type: string type: object type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: - ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: - LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: - State is the last reported state of the Replication - Link + type: array + lastAction: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + type: object + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: ErrorMessage is the last error message associated + with the link state + type: string + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml index 790f60de3..aba283635 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.0/rules.yaml @@ -1,9 +1,9 @@ -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml index c45bb6d02..204b2ed6e 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: - - name: replication-secret +- name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml index 2168fcea9..33f4265af 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml @@ -13,78 +13,75 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: + type: string + migrationGroupAttributes: + additionalProperties: type: string - migrationGroupAttributes: - additionalProperties: - type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: - DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -100,128 +97,93 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: - DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: - type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: - type: string - type: object - remoteProtectionGroupId: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: type: string - requestParametersClass: + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: - DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: - description: LastAction - Stores the last updated action - properties: - condition: - description: - Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: - ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: - type: string - type: object - type: object - type: array - lastAction: + type: object + remoteProtectionGroupId: + type: string + requestParametersClass: + type: string + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: description: LastAction - Stores the last updated action properties: condition: - description: - Condition is the last known condition of the Custom + description: Condition is the last known condition of the Custom Resource type: string errorMessage: - description: - ErrorMessage is the last error message associated + description: ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -238,38 +200,61 @@ spec: type: string type: object type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: - ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: - LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: - State is the last reported state of the Replication - Link + type: array + lastAction: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + type: object + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: ErrorMessage is the last error message associated + with the link state + type: string + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml index 790f60de3..aba283635 100644 --- a/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml @@ -1,9 +1,9 @@ -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml index c45bb6d02..204b2ed6e 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.0/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: - - name: replication-secret +- name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml index 2168fcea9..33f4265af 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.0/replicationcrds.all.yaml @@ -13,78 +13,75 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: + type: string + migrationGroupAttributes: + additionalProperties: type: string - migrationGroupAttributes: - additionalProperties: - type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: - DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -100,128 +97,93 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: - DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: - type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: - type: string - type: object - remoteProtectionGroupId: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: type: string - requestParametersClass: + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: - DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: - description: LastAction - Stores the last updated action - properties: - condition: - description: - Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: - ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: - type: string - type: object - type: object - type: array - lastAction: + type: object + remoteProtectionGroupId: + type: string + requestParametersClass: + type: string + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: description: LastAction - Stores the last updated action properties: condition: - description: - Condition is the last known condition of the Custom + description: Condition is the last known condition of the Custom Resource type: string errorMessage: - description: - ErrorMessage is the last error message associated + description: ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -238,38 +200,61 @@ spec: type: string type: object type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: - ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: - LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: - State is the last reported state of the Replication - Link + type: array + lastAction: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + type: object + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: ErrorMessage is the last error message associated + with the link state + type: string + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml index 790f60de3..aba283635 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.0/rules.yaml @@ -1,9 +1,9 @@ -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml index c45bb6d02..204b2ed6e 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: - - name: replication-secret +- name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml index 2168fcea9..33f4265af 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml @@ -13,78 +13,75 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: + type: string + migrationGroupAttributes: + additionalProperties: type: string - migrationGroupAttributes: - additionalProperties: - type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: - DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -100,128 +97,93 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: - DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: - type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: - type: string - type: object - remoteProtectionGroupId: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: type: string - requestParametersClass: + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: - DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: - description: LastAction - Stores the last updated action - properties: - condition: - description: - Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: - ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: - type: string - type: object - type: object - type: array - lastAction: + type: object + remoteProtectionGroupId: + type: string + requestParametersClass: + type: string + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: description: LastAction - Stores the last updated action properties: condition: - description: - Condition is the last known condition of the Custom + description: Condition is the last known condition of the Custom Resource type: string errorMessage: - description: - ErrorMessage is the last error message associated + description: ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -238,38 +200,61 @@ spec: type: string type: object type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: - ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: - LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: - State is the last reported state of the Replication - Link + type: array + lastAction: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + type: object + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: ErrorMessage is the last error message associated + with the link state + type: string + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml index 790f60de3..aba283635 100644 --- a/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml @@ -1,9 +1,9 @@ -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml index c45bb6d02..204b2ed6e 100644 --- a/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.9.0/controller.yaml @@ -9,7 +9,7 @@ metadata: name: dell-replication-controller-sa namespace: dell-replication-controller secrets: - - name: replication-secret +- name: replication-secret --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -17,165 +17,165 @@ metadata: creationTimestamp: null name: dell-replication-manager-role rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions/status - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - replication.storage.dell.com - resources: - - dellcsireplicationgroups/status - verbs: - - get - - patch - - update - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "create", "delete"] +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get +- nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dell-replication-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: v1 kind: Secret @@ -196,9 +196,9 @@ roleRef: kind: ClusterRole name: dell-replication-manager-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -209,9 +209,9 @@ roleRef: kind: ClusterRole name: dell-replication-proxy-role subjects: - - kind: ServiceAccount - name: dell-replication-controller-sa - namespace: dell-replication-controller +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller --- apiVersion: v1 data: @@ -233,9 +233,9 @@ metadata: namespace: dell-replication-controller spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + targetPort: https selector: control-plane: controller-manager --- @@ -258,47 +258,47 @@ spec: spec: serviceAccountName: dell-replication-controller-sa containers: - - args: - - --enable-leader-election - - --prefix=replication.storage.dell.com - command: - - /dell-replication-controller - env: - - name: X_CSI_REPLICATION_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: X_CSI_REPLICATION_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: X_CSI_REPLICATION_IN_CLUSTER - value: "true" - - name: X_CSI_REPLICATION_WATCH_NAMESPACE - value: dell-replication-controller - - name: X_CSI_REPLICATION_CONFIG_DIR - value: /app/config - - name: X_CSI_REPLICATION_CERT_DIR - value: /app/certs - - name: X_CSI_REPLICATION_CONFIG_FILE_NAME - value: config - image: - imagePullPolicy: Always - name: manager - resources: - requests: - cpu: 100m - memory: 100Mi - volumeMounts: - - mountPath: /app/config - name: configmap-volume - - mountPath: /app/certs - name: cert-dir + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir terminationGracePeriodSeconds: 10 volumes: - - emptyDir: null - name: cert-dir - - configMap: - name: dell-replication-controller-config - optional: true - name: configmap-volume + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml index 2168fcea9..33f4265af 100644 --- a/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml +++ b/operatorconfig/moduleconfig/replication/v1.9.0/replicationcrds.all.yaml @@ -13,78 +13,75 @@ spec: listKind: DellCSIMigrationGroupList plural: dellcsimigrationgroups shortNames: - - mg + - mg singular: dellcsimigrationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Source ID - jsonPath: .spec.sourceID - name: Source ID - type: string - - description: Target ID - jsonPath: .spec.targetID - name: Target ID - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup - properties: - driverName: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: + type: string + migrationGroupAttributes: + additionalProperties: type: string - migrationGroupAttributes: - additionalProperties: - type: string - type: object - sourceID: - type: string - targetID: - type: string - required: - - driverName - - migrationGroupAttributes - - sourceID - - targetID - type: object - status: - description: - DellCSIMigrationGroupStatus defines the observed state of - DellCSIMigrationGroup - properties: - lastAction: - type: string - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -100,128 +97,93 @@ spec: listKind: DellCSIReplicationGroupList plural: dellcsireplicationgroups shortNames: - - rg + - rg singular: dellcsireplicationgroup scope: Cluster versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: AGE - type: date - - description: State of the CR - jsonPath: .status.state - name: State - type: string - - description: Protection Group ID - jsonPath: .spec.protectionGroupId - name: PG ID - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.state - name: Link State - type: string - - description: Replication Link State - jsonPath: .status.replicationLinkState.lastSuccessfulUpdate - name: Last LinkState Update - type: string - name: v1 - schema: - openAPIV3Schema: - description: - DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups - API - properties: - apiVersion: - description: - "APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: - "Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: - DellCSIReplicationGroupSpec defines the desired state of - DellCSIReplicationGroup - properties: - action: - type: string - driverName: - type: string - protectionGroupAttributes: - additionalProperties: - type: string - type: object - protectionGroupId: - type: string - remoteClusterId: - type: string - remoteProtectionGroupAttributes: - additionalProperties: - type: string - type: object - remoteProtectionGroupId: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: type: string - requestParametersClass: + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: type: string - required: - - action - - driverName - - protectionGroupId - - remoteClusterId - - remoteProtectionGroupId - type: object - status: - description: - DellCSIReplicationGroupStatus defines the observed state - of DellCSIReplicationGroup - properties: - conditions: - items: - description: LastAction - Stores the last updated action - properties: - condition: - description: - Condition is the last known condition of the Custom - Resource - type: string - errorMessage: - description: - ErrorMessage is the last error message associated - with the condition - type: string - firstFailure: - description: FirstFailure is the first time this action failed - format: date-time - type: string - time: - description: Time is the time stamp for the last action update - format: date-time - type: string - actionAttributes: - description: ActionAttributes content unique on response to an action - additionalProperties: - type: string - type: object - type: object - type: array - lastAction: + type: object + remoteProtectionGroupId: + type: string + requestParametersClass: + type: string + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: description: LastAction - Stores the last updated action properties: condition: - description: - Condition is the last known condition of the Custom + description: Condition is the last known condition of the Custom Resource type: string errorMessage: - description: - ErrorMessage is the last error message associated + description: ErrorMessage is the last error message associated with the condition type: string firstFailure: @@ -238,38 +200,61 @@ spec: type: string type: object type: object - remoteState: - type: string - replicationLinkState: - description: ReplicationLinkState - Stores the Replication Link State - properties: - errorMessage: - description: - ErrorMessage is the last error message associated - with the link state - type: string - isSource: - description: IsSource indicates if this site is primary - type: boolean - lastSuccessfulUpdate: - description: - LastSuccessfulUpdate is the time stamp for the last - state update - format: date-time - type: string - state: - description: - State is the last reported state of the Replication - Link + type: array + lastAction: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: type: string - required: - - isSource - type: object - state: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + type: object + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: ErrorMessage is the last error message associated + with the link state + type: string + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml index 790f60de3..aba283635 100644 --- a/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml +++ b/operatorconfig/moduleconfig/replication/v1.9.0/rules.yaml @@ -1,9 +1,9 @@ -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups"] - verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] -- apiGroups: ["replication.storage.dell.com"] - resources: ["dellcsireplicationgroups/status"] - verbs: ["get", "patch", "update"] -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml index 2899728f4..1a2dcb872 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml index 48f66803c..30d70e0a8 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml index 90d5faaff..785516292 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powermax-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powermax-config-params - mountPath: /powermax-config-params + mountPath: /powermax-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml index b1adbeadc..7813dc9ac 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml index d3d60c7f2..c73f0de1b 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml index ecebd011e..a0d1a135a 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml index d7606e711..9bd2db03f 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml index f5f8cbbc0..a5b98adef 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.10.0/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml index 563989420..fe683a896 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml index d700dc9e1..80706515f 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml index 6d91c7b4b..b7a1460ef 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml index d63cde6aa..73ab04230 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml index dbd4753a3..4d13ff754 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml index d2d1129ab..80bb7e5c6 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml index f5f8cbbc0..a5b98adef 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.0/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml index 24c9db387..7e6087e72 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml index 6e15d6b47..446399c32 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml index f67f72057..0b82f0e3c 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml index 689fadbc1..64ab93892 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml index 542c54980..1b30812ca 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml index c83d57fd7..4c1d8f3f5 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml index f5f8cbbc0..a5b98adef 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml index 52f35af1a..67749c8f0 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml index ba1797a67..21f5070f7 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml index fbb4343fa..4c8eb4f4a 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml index eba8ae213..af7fdcb56 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml index cd12cccca..e47891d31 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml index fb8753e75..a4bfe9d7e 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml index f5f8cbbc0..a5b98adef 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.0/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml index a1fe3b165..fc7b5d209 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml index 7c0621795..aae9c2303 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml @@ -55,4 +55,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: vxflexos-config-params - mountPath: /vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml index b22871254..dae17977e 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml index 9e5b94583..cc03c334e 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: csi-isilon-config-params - mountPath: /csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml index cdaccb84f..fef783c30 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml @@ -33,4 +33,4 @@ volumeMounts: - name: socket-dir mountPath: /var/run/csi - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml index 218cdb621..7fc0517d2 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml @@ -58,4 +58,4 @@ volumeMounts: - name: var-run mountPath: /var/run - name: powerstore-config-params - mountPath: /powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml index f5f8cbbc0..a5b98adef 100644 --- a/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml @@ -18,4 +18,4 @@ verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml index c04a8bea6..f90b8b7a7 100644 --- a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml +++ b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager-metrics-service.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml index c04a8bea6..f90b8b7a7 100644 --- a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml +++ b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-controller-manager.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml index c04a8bea6..f90b8b7a7 100644 --- a/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml +++ b/pkg/modules/testdata/badYaml/moduleconfig/application-mobility/v1.1.0/app-mobility-webhook-service.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/pkg/modules/testdata/cr_application_mobility.yaml b/pkg/modules/testdata/cr_application_mobility.yaml index 28950f083..f70bddf9c 100644 --- a/pkg/modules/testdata/cr_application_mobility.yaml +++ b/pkg/modules/testdata/cr_application_mobility.yaml @@ -83,8 +83,8 @@ spec: name: cloud-creds # Specify the object store access credentials to be stored in a secret with key "cloud". secretContents: - aws_access_key_id: # Provide the access key id here - aws_secret_access_key: # provide the access key here + aws_access_key_id: # Provide the access key id here + aws_secret_access_key: # provide the access key here # Init containers to be added to the Velero deployment's pod spec. # If the value is a string then it is evaluated as a template. diff --git a/pkg/modules/testdata/cr_application_mobility_custom_region.yaml b/pkg/modules/testdata/cr_application_mobility_custom_region.yaml index 0cc2e5bc8..0f7f58e34 100644 --- a/pkg/modules/testdata/cr_application_mobility_custom_region.yaml +++ b/pkg/modules/testdata/cr_application_mobility_custom_region.yaml @@ -87,8 +87,8 @@ spec: name: cloud-creds # Specify the object store access credentials to be stored in a secret with key "cloud". secretContents: - aws_access_key_id: # Provide the access key id here - aws_secret_access_key: # provide the access key here + aws_access_key_id: # Provide the access key id here + aws_secret_access_key: # provide the access key here # Init containers to be added to the Velero deployment's pod spec. # If the value is a string then it is evaluated as a template. diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index 122666a43..4c2ff61ad 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -42,7 +42,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -121,7 +121,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" # provide MDM value + value: "10.x.x.x,10.x.x.x" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml index a94da6673..0a6b9bb1a 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml @@ -52,7 +52,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -165,7 +165,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml index dd37f895d..4d3b986b6 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml @@ -52,7 +52,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -165,7 +165,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # observability: allows to configure observability - name: observability diff --git a/pkg/modules/testdata/cr_powermax_resiliency.yaml b/pkg/modules/testdata/cr_powermax_resiliency.yaml index 935d8926a..e7b757d9a 100644 --- a/pkg/modules/testdata/cr_powermax_resiliency.yaml +++ b/pkg/modules/testdata/cr_powermax_resiliency.yaml @@ -51,3 +51,4 @@ spec: - "--mode=node" - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" - "--driverPath=csi-powermax.dellemc.com" + diff --git a/samples/authorization/csm-authorization_csmtenant.yaml b/samples/authorization/csm-authorization_csmtenant.yaml index 7e46d1ec0..c6f25183f 100644 --- a/samples/authorization/csm-authorization_csmtenant.yaml +++ b/samples/authorization/csm-authorization_csmtenant.yaml @@ -13,6 +13,6 @@ spec: roles: role1,role2 approveSdc: false revoke: false - # This prefix is added for each new volume provisioned by the tenant. + # This prefix is added for each new volume provisioned by the tenant. # It should not exceed 3 characters. Example: tn1 volumePrefix: tn1 diff --git a/samples/authorization/csm_authorization_proxy_server_v190.yaml b/samples/authorization/csm_authorization_proxy_server_v190.yaml index f6a301db3..172dfe224 100644 --- a/samples/authorization/csm_authorization_proxy_server_v190.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v190.yaml @@ -12,69 +12,69 @@ spec: configVersion: v1.9.0 forceRemoveModule: true components: - # For Kubernetes Container Platform only - # enabled: Enable/Disable NGINX Ingress Controller - # Allowed values: - # true: enable deployment of NGINX Ingress Controller - # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section - # Default value: true - - name: nginx - enabled: true - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - - name: cert-manager - enabled: true + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true - - name: proxy-server - # enable: Enable/Disable csm-authorization proxy server - enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.9.0 - tenantService: dellemc/csm-authorization-tenant:v1.9.0 - roleService: dellemc/csm-authorization-role:v1.9.0 - storageService: dellemc/csm-authorization-storage:v1.9.0 - opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true - # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v1.9.0 + tenantService: dellemc/csm-authorization-tenant:v1.9.0 + roleService: dellemc/csm-authorization-role:v1.9.0 + storageService: dellemc/csm-authorization-storage:v1.9.0 + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 - # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" - # base hostname for the ingress rules that expose the services - # the proxy-server ingress will use this hostname - # Allowed values: string - # Default value: csm-authorization.com - hostname: "csm-authorization.com" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" - # proxy-server ingress configuration - proxyServerIngress: - - ingressClassName: nginx + # base hostname for the ingress rules that expose the services + # the proxy-server ingress will use this hostname + # Allowed values: string + # Default value: csm-authorization.com + hostname: "csm-authorization.com" + + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx - # additional host rules for the proxy-server ingress - hosts: - [] - # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + # additional host rules for the proxy-server ingress + hosts: [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local - # additional annotations for the proxy-server ingress - annotations: {} + # additional annotations for the proxy-server ingress + annotations: {} - - name: redis - redis: redis:6.0.8-alpine - commander: rediscommander/redis-commander:latest - # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis - # to use a different storage class for redis, specify the name of the storage class - # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization - # Default value: None - storageclass: "" + - name: redis + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis + # to use a different storage class for redis, specify the name of the storage class + # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization + # Default value: None + storageclass: "" --- apiVersion: v1 diff --git a/samples/authorization/csm_authorization_proxy_server_v191.yaml b/samples/authorization/csm_authorization_proxy_server_v191.yaml index 2d805dcbc..97c6fea25 100644 --- a/samples/authorization/csm_authorization_proxy_server_v191.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v191.yaml @@ -12,69 +12,69 @@ spec: configVersion: v1.9.1 forceRemoveModule: true components: - # For Kubernetes Container Platform only - # enabled: Enable/Disable NGINX Ingress Controller - # Allowed values: - # true: enable deployment of NGINX Ingress Controller - # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section - # Default value: true - - name: nginx - enabled: true - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - - name: cert-manager - enabled: true + # For Kubernetes Container Platform only + # enabled: Enable/Disable NGINX Ingress Controller + # Allowed values: + # true: enable deployment of NGINX Ingress Controller + # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section + # Default value: true + - name: nginx + enabled: true - - name: proxy-server - # enable: Enable/Disable csm-authorization proxy server - enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.9.1 - tenantService: dellemc/csm-authorization-tenant:v1.9.1 - roleService: dellemc/csm-authorization-role:v1.9.1 - storageService: dellemc/csm-authorization-storage:v1.9.1 - opa: openpolicyagent/opa - opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true - # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" + - name: proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v1.9.1 + tenantService: dellemc/csm-authorization-tenant:v1.9.1 + roleService: dellemc/csm-authorization-role:v1.9.1 + storageService: dellemc/csm-authorization-storage:v1.9.1 + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 - # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" + # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" - # base hostname for the ingress rules that expose the services - # the proxy-server ingress will use this hostname - # Allowed values: string - # Default value: csm-authorization.com - hostname: "csm-authorization.com" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" - # proxy-server ingress configuration - proxyServerIngress: - - ingressClassName: nginx + # base hostname for the ingress rules that expose the services + # the proxy-server ingress will use this hostname + # Allowed values: string + # Default value: csm-authorization.com + hostname: "csm-authorization.com" + + # proxy-server ingress configuration + proxyServerIngress: + - ingressClassName: nginx - # additional host rules for the proxy-server ingress - hosts: - [] - # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local + # additional host rules for the proxy-server ingress + hosts: [] + # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local - # additional annotations for the proxy-server ingress - annotations: {} + # additional annotations for the proxy-server ingress + annotations: {} - - name: redis - redis: redis:6.0.8-alpine - commander: rediscommander/redis-commander:latest - # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis - # to use a different storage class for redis, specify the name of the storage class - # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization - # Default value: None - storageclass: "" + - name: redis + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis + # to use a different storage class for redis, specify the name of the storage class + # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization + # Default value: None + storageclass: "" --- apiVersion: v1 diff --git a/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml b/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml index eeb18bdaa..ee8b42756 100644 --- a/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml +++ b/samples/authorization/csm_authorization_proxy_server_v200-alpha.yaml @@ -70,8 +70,7 @@ spec: - ingressClassName: nginx # additional host rules for the proxy-server ingress - hosts: - [] + hosts: [] # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local # additional annotations for the proxy-server ingress diff --git a/samples/csireverseproxy/config.yaml b/samples/csireverseproxy/config.yaml index 87056d28e..8d82e0117 100644 --- a/samples/csireverseproxy/config.yaml +++ b/samples/csireverseproxy/config.yaml @@ -23,7 +23,7 @@ standAloneConfig: storageArrays: - storageArrayId: "000000000001" # arrayID primaryURL: https://primary-1.unisphe.re:8443 # primary unisphere for arrayID - backupURL: https://backup-1.unisphe.re:8443 # backup unisphere for arrayID + backupURL: https://backup-1.unisphe.re:8443 # backup unisphere for arrayID proxyCredentialSecrets: - proxy-secret-11 # credential secret for primary unisphere, e.g., powermax-creds - proxy-secret-12 # credential secret for backup unisphere, e.g., powermax-creds @@ -47,4 +47,4 @@ standAloneConfig: - url: https://backup-2.unisphe.re:8443 arrayCredentialSecret: backup-2-secret skipCertificateValidation: false - certSecret: primary-certs + certSecret: primary-certs \ No newline at end of file diff --git a/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml b/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml index ac581f988..6891adc32 100644 --- a/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml +++ b/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml @@ -64,7 +64,7 @@ spec: - name: HOST_PID value: "1" - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret + value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret # health monitor is disabled by default, refer to driver documentation before enabling it # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller @@ -178,7 +178,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization @@ -403,4 +403,4 @@ spec: # Below 3 args should not be modified. - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" - "--mode=node" - - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" \ No newline at end of file diff --git a/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml b/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml index 3784931aa..26c16776d 100644 --- a/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml +++ b/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml @@ -213,4 +213,4 @@ spec: - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" - "--mode=node" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - - "--driverPath=csi-powerstore.dellemc.com" + - "--driverPath=csi-powerstore.dellemc.com" \ No newline at end of file diff --git a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml index 0a79854b1..4799b139b 100644 --- a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml +++ b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml @@ -165,4 +165,4 @@ spec: # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" - # effect: "NoSchedule" + # effect: "NoSchedule" \ No newline at end of file diff --git a/samples/storage_csm_powerflex_v2101.yaml b/samples/storage_csm_powerflex_v2101.yaml index 7ef9ec5b0..191600834 100644 --- a/samples/storage_csm_powerflex_v2101.yaml +++ b/samples/storage_csm_powerflex_v2101.yaml @@ -43,7 +43,7 @@ spec: value: "false" sideCars: - # 'k8s' represents a string prepended to each volume created by the CSI driver + # 'k8s' represents a string prepended to each volume created by the CSI driver - name: provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 args: ["--volume-name-prefix=k8s"] @@ -58,18 +58,18 @@ spec: - name: csi-metadata-retriever image: dellemc/csi-metadata-retriever:v1.7.3 - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -122,6 +122,7 @@ spec: node: envs: + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -161,6 +162,8 @@ spec: - name: X_CSI_MAX_VOLUMES_PER_NODE value: "0" + + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset # Leave as blank to use all nodes # Allowed values: map of key-value pairs @@ -190,7 +193,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC @@ -199,16 +202,16 @@ spec: enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # observability: allows to configure observability - name: observability @@ -334,52 +337,52 @@ spec: enabled: false configVersion: v1.8.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.8.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerflex" + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" - name: resiliency # enabled: Enable/Disable Resiliency feature diff --git a/samples/storage_csm_powermax_v2101.yaml b/samples/storage_csm_powermax_v2101.yaml index 41cc04869..c7133262f 100644 --- a/samples/storage_csm_powermax_v2101.yaml +++ b/samples/storage_csm_powermax_v2101.yaml @@ -226,7 +226,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity @@ -243,42 +243,42 @@ spec: forceRemoveModule: true configVersion: v2.9.1 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:v2.9.1 + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:v2.9.1 - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key - # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "true" + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "true" # Authorization: enable csm-authorization for RBAC - name: authorization # enabled: Enable/Disable csm-authorization enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # Replication: allows configuring replication module # Replication CRDs must be installed before installing driver @@ -291,52 +291,52 @@ spec: enabled: false configVersion: v1.8.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.8.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powermax - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powermax" + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powermax + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powermax" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability diff --git a/samples/storage_csm_powermax_v291.yaml b/samples/storage_csm_powermax_v291.yaml index d755336e5..c8756faf2 100644 --- a/samples/storage_csm_powermax_v291.yaml +++ b/samples/storage_csm_powermax_v291.yaml @@ -215,7 +215,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" @@ -231,42 +231,42 @@ spec: forceRemoveModule: true configVersion: v2.8.1 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.8.1" + image: dellemc/csipowermax-reverseproxy:v2.8.1 + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key # Default value: None - # Example: "csipowermax-reverseproxy:v2.8.1" - image: dellemc/csipowermax-reverseproxy:v2.8.1 - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key - # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "true" + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "true" # Authorization: enable csm-authorization for RBAC - name: authorization # enabled: Enable/Disable csm-authorization enabled: false configVersion: v1.9.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # Replication: allows configuring replication module # Replication CRDs must be installed before installing driver @@ -279,52 +279,52 @@ spec: enabled: false configVersion: v1.7.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.7.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powermax - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powermax" + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powermax + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powermax" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.7.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability diff --git a/samples/storage_csm_powerscale_v2101.yaml b/samples/storage_csm_powerscale_v2101.yaml index 7c788538e..62b2551cb 100644 --- a/samples/storage_csm_powerscale_v2101.yaml +++ b/samples/storage_csm_powerscale_v2101.yaml @@ -119,54 +119,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -188,38 +188,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -280,16 +280,16 @@ spec: enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -302,53 +302,53 @@ spec: enabled: false configVersion: v1.8.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.8.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability @@ -399,11 +399,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false enabled: false - name: metrics-powerscale diff --git a/samples/storage_csm_powerscale_v291.yaml b/samples/storage_csm_powerscale_v291.yaml index 7255821b7..df8460eae 100644 --- a/samples/storage_csm_powerscale_v291.yaml +++ b/samples/storage_csm_powerscale_v291.yaml @@ -125,54 +125,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -194,38 +194,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -293,16 +293,16 @@ spec: enabled: false configVersion: v1.9.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.1 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -315,53 +315,53 @@ spec: enabled: false configVersion: v1.7.1 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.7.1 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.1 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.7.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" # observability: allows to configure observability - name: observability @@ -412,11 +412,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false enabled: false - name: metrics-powerscale diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml index e0d432e39..1684fc179 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.0.0/statefulset.yaml @@ -122,7 +122,8 @@ spec: runAsUser: 1001 containers: - name: connectivity-client-docker-k8s - securityContext: {} + securityContext: + {} image: "" imagePullPolicy: IfNotPresent args: @@ -199,7 +200,7 @@ spec: - name: kubernetes-proxy image: "" imagePullPolicy: IfNotPresent - command: ["kubectl"] + command: [ "kubectl" ] args: - "proxy" - "--port=8001" @@ -228,12 +229,7 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: - [ - "sh", - "-c", - "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", - ] + command: ['sh', '-c', "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml index 65534de17..8e868cb1a 100644 --- a/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml +++ b/tests/config/clientconfig/apexconnectivityclient/v1.1.0/statefulset.yaml @@ -122,7 +122,8 @@ spec: runAsUser: 1001 containers: - name: connectivity-client-docker-k8s - securityContext: {} + securityContext: + {} image: "" imagePullPolicy: IfNotPresent args: @@ -199,7 +200,7 @@ spec: - name: kubernetes-proxy image: "" imagePullPolicy: IfNotPresent - command: ["kubectl"] + command: [ "kubectl" ] args: - "proxy" - "--port=8001" @@ -228,12 +229,7 @@ spec: configMapKeyRef: name: connectivity-client-docker-k8s-configmap key: DCM_IDENTITY_LOCATION - command: - [ - "sh", - "-c", - "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi", - ] + command: ['sh', '-c', "if [ -s /dcm-client-secret-data/cert.pem ]; then cp -v /dcm-client-secret-data/cert.pem $DCM_IDENTITY_LOCATION/cert.pem; fi"] volumeMounts: - name: certs-store-tmpdir mountPath: "/home/connectivity-client/.certs" diff --git a/tests/config/clientconfig/badclient/badClient/bad.yaml b/tests/config/clientconfig/badclient/badClient/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/clientconfig/badclient/badClient/bad.yaml +++ b/tests/config/clientconfig/badclient/badClient/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/badclient/statefulset.yaml b/tests/config/clientconfig/badclient/statefulset.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/clientconfig/badclient/statefulset.yaml +++ b/tests/config/clientconfig/badclient/statefulset.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml b/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml +++ b/tests/config/clientconfig/badclient/v1.0.0/statefulset.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml b/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml +++ b/tests/config/clientconfig/badclient/v1.1.0/statefulset.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml b/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml index c04a8bea6..55d520672 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/driver-config-params.yaml @@ -1,4 +1,5 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.0/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml index c04a8bea6..55d520672 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml @@ -1,4 +1,5 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml b/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml index c04a8bea6..55d520672 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/driver-config-params.yaml @@ -1,4 +1,5 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.0/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml index c04a8bea6..55d520672 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/driver-config-params.yaml @@ -1,4 +1,5 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.11.1/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml b/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml index c04a8bea6..55d520672 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/driver-config-params.yaml @@ -1,4 +1,5 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.0/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml index c04a8bea6..55d520672 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml @@ -1,4 +1,5 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml +++ b/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml b/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml b/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml index 67a493dab..155ec5e3f 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml index 1646835ff..060d7ead6 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.10.0/node.yaml b/tests/config/driverconfig/powerflex/v2.10.0/node.yaml index 6cd9ab702..4f781e1c1 100644 --- a/tests/config/driverconfig/powerflex/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.0/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml b/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml b/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml index f747ae20b..f0a353a03 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml index 1646835ff..060d7ead6 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.10.1/node.yaml b/tests/config/driverconfig/powerflex/v2.10.1/node.yaml index 80a667018..f9dcbad91 100644 --- a/tests/config/driverconfig/powerflex/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.10.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml b/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml b/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml index 3de2521e6..71b57e9fc 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.11.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml index 1646835ff..060d7ead6 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.11.0/node.yaml b/tests/config/driverconfig/powerflex/v2.11.0/node.yaml index d619d55e5..2d9a3aac8 100644 --- a/tests/config/driverconfig/powerflex/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.11.0/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.11.0 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml b/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml b/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml index 25c4609a7..d3c1242d0 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml @@ -45,7 +45,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "delete"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -59,7 +59,7 @@ rules: resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update", "create", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status", "volumesnapshotcontents/status"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -91,11 +91,11 @@ metadata: name: -controller namespace: annotations: - com.dell.karavi-authorization-proxy: "true" + com.dell.karavi-authorization-proxy: "true" spec: strategy: rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 selector: matchLabels: name: -controller @@ -109,13 +109,13 @@ spec: nodeSelector: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname serviceAccountName: -controller containers: - name: attacher @@ -208,7 +208,7 @@ spec: - name: driver image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml index b030dbdf2..9fdb2dfa0 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-vxflexos.dellemc.com + name: csi-vxflexos.dellemc.com spec: - fsGroupPolicy: ReadWriteOnceWithFSType - attachRequired: true - podInfoOnMount: true - storageCapacity: false - volumeLifecycleModes: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml index 1646835ff..060d7ead6 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml @@ -6,4 +6,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: debug - CSI_LOG_FORMAT: TEXT + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.9.1/node.yaml b/tests/config/driverconfig/powerflex/v2.9.1/node.yaml index f9d4f2484..b6070724b 100644 --- a/tests/config/driverconfig/powerflex/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/node.yaml @@ -75,7 +75,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet hostNetwork: true hostPID: false - containers: + containers: - name: driver securityContext: privileged: true @@ -84,7 +84,7 @@ spec: add: ["SYS_ADMIN"] image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-vxflexos.sh"] + command: [ "/csi-vxflexos.sh" ] args: - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" @@ -205,11 +205,11 @@ spec: - name: os-release mountPath: /host-os-release - name: sdc-storage - mountPath: /storage + mountPath: /storage - name: udev-d mountPath: /rules.d - name: scaleio-path-opt - mountPath: /host_drv_cfg_path + mountPath: /host_drv_cfg_path volumes: - name: registration-dir hostPath: diff --git a/tests/config/driverconfig/powermax/v2.10.0/bad.yaml b/tests/config/driverconfig/powermax/v2.10.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.10.0/controller.yaml b/tests/config/driverconfig/powermax/v2.10.0/controller.yaml index e5808f056..ade0cf06b 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -321,6 +321,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml index 57491cb93..fcbf5531e 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.10.0/node.yaml b/tests/config/driverconfig/powermax/v2.10.0/node.yaml index 5c4b3e19e..2e2ea39c4 100644 --- a/tests/config/driverconfig/powermax/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powermax/v2.10.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powermax/v2.10.1/bad.yaml b/tests/config/driverconfig/powermax/v2.10.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.10.1/controller.yaml b/tests/config/driverconfig/powermax/v2.10.1/controller.yaml index ef4d20fde..acc22df8c 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -323,6 +323,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml index 57491cb93..fcbf5531e 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.10.1/node.yaml b/tests/config/driverconfig/powermax/v2.10.1/node.yaml index bd96454dd..cd138b569 100644 --- a/tests/config/driverconfig/powermax/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powermax/v2.10.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powermax/v2.11.0/bad.yaml b/tests/config/driverconfig/powermax/v2.11.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.11.0/controller.yaml b/tests/config/driverconfig/powermax/v2.11.0/controller.yaml index 86a2240c4..5e43f3c78 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.11.0 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -321,6 +321,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml index 57491cb93..fcbf5531e 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.11.0/node.yaml b/tests/config/driverconfig/powermax/v2.11.0/node.yaml index 73ab45480..9dbc51be1 100644 --- a/tests/config/driverconfig/powermax/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powermax/v2.11.0/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powermax/v2.9.1/bad.yaml b/tests/config/driverconfig/powermax/v2.9.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.9.1/controller.yaml b/tests/config/driverconfig/powermax/v2.9.1/controller.yaml index 9db59746a..d4b5181a3 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/controller.yaml @@ -51,7 +51,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] @@ -70,7 +70,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -80,7 +80,7 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - # Permissions for CSIStorageCapacity + # Permissions for CSIStorageCapacity - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] @@ -89,7 +89,7 @@ rules: verbs: ["get"] - apiGroups: ["apps"] resources: ["replicasets"] - verbs: ["get"] + verbs: ["get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -127,13 +127,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -232,7 +232,7 @@ spec: - name: driver image: dellemc/csi-powermax:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-powermax.sh"] + command: [ "/csi-powermax.sh" ] env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com @@ -321,6 +321,6 @@ spec: optional: true - name: powermax-config-params configMap: - name: -config-params + name: -config-params - name: cert-dir emptyDir: diff --git a/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml index 57491cb93..fcbf5531e 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml @@ -13,11 +13,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-powermax.dellemc.com + name: csi-powermax.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - fsGroupPolicy: ReadWriteOnceWithFSType - storageCapacity: false - volumeLifecycleModes: - - Persistent + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.9.1/node.yaml b/tests/config/driverconfig/powermax/v2.9.1/node.yaml index 6bbb4d89f..1442004bc 100644 --- a/tests/config/driverconfig/powermax/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/node.yaml @@ -42,10 +42,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml b/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml index 568a8e84a..44ff5ed14 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml index d5bbcf27b..a55f2843f 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.10.0/node.yaml b/tests/config/driverconfig/powerscale/v2.10.0/node.yaml index 17334c578..acb7e4692 100644 --- a/tests/config/driverconfig/powerscale/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml b/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml b/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml index 2b801d7df..f05a9bdf9 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml index d5bbcf27b..a55f2843f 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.10.1/node.yaml b/tests/config/driverconfig/powerscale/v2.10.1/node.yaml index 178ab87c2..0ca8799c6 100644 --- a/tests/config/driverconfig/powerscale/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.10.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml b/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml index 3c66dc3f4..90e951fbd 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.11.0 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml index d5bbcf27b..a55f2843f 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.11.0/node.yaml b/tests/config/driverconfig/powerscale/v2.11.0/node.yaml index a02595a90..fc9309365 100644 --- a/tests/config/driverconfig/powerscale/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.11.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml b/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml b/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml index 3bba1b4f5..46c3cd628 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.8.0 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--leader-election" - "--leader-election-renew-deadline=10s" @@ -309,4 +309,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml index d5bbcf27b..a55f2843f 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.9.0/node.yaml b/tests/config/driverconfig/powerscale/v2.9.0/node.yaml index 7b4f005c3..cc30533c3 100644 --- a/tests/config/driverconfig/powerscale/v2.9.0/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.0/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml b/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml index c04a8bea6..f90b8b7a7 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml @@ -1,4 +1,4 @@ this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml b/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml index e9ce597f4..1fed6ca02 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml @@ -39,7 +39,7 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -61,7 +61,7 @@ rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"] - # below for resizer + # below for resizer - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["update", "patch"] @@ -118,13 +118,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: resizer @@ -235,7 +235,7 @@ spec: - name: driver image: dellemc/csi-isilon:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-isilon"] + command: [ "/csi-isilon" ] args: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" env: @@ -305,4 +305,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml index d5bbcf27b..a55f2843f 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-isilon.dellemc.com + name: csi-isilon.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: false - fsGroupPolicy: ReadWriteOnceWithFSType - volumeLifecycleModes: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: - Persistent - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.9.1/node.yaml b/tests/config/driverconfig/powerscale/v2.9.1/node.yaml index 3210f4875..9ffcb36f1 100644 --- a/tests/config/driverconfig/powerscale/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powerscale/v2.9.1/node.yaml @@ -30,10 +30,10 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] - - apiGroups: ["security.openshift.io"] - resourceNames: ["privileged"] - resources: ["securitycontextconstraints"] - verbs: ["use"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -193,4 +193,4 @@ spec: secretName: -creds - name: csi-isilon-config-params configMap: - name: -config-params + name: -config-params diff --git a/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml b/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml index f35ca024d..a85d0f248 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml b/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml index fdea6ddcb..4325897fc 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.0 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml index 7b27ad979..94ce0ee14 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" + CSI_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.0/node.yaml b/tests/config/driverconfig/powerstore/v2.10.0/node.yaml index 24e8abeff..9074f5732 100644 --- a/tests/config/driverconfig/powerstore/v2.10.0/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.0/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.0 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory + type: Directory \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml index f35ca024d..a85d0f248 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml index c908ba7fd..14e455317 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.10.1 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml index 7b27ad979..94ce0ee14 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" + CSI_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/node.yaml b/tests/config/driverconfig/powerstore/v2.10.1/node.yaml index 3a1b1523c..a8cb341fd 100644 --- a/tests/config/driverconfig/powerstore/v2.10.1/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.10.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.10.1 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory + type: Directory \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml b/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml index f35ca024d..a85d0f248 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml b/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml index 4fe2d8ea4..6937e2c84 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.11.0 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml index 7b27ad979..94ce0ee14 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" + CSI_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.0/node.yaml b/tests/config/driverconfig/powerstore/v2.11.0/node.yaml index 7f24580b8..4e354ea21 100644 --- a/tests/config/driverconfig/powerstore/v2.11.0/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.0/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.11.0 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory + type: Directory \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml index f35ca024d..a85d0f248 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml index b2a3077b8..65f408104 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.11.1 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml index 7b27ad979..94ce0ee14 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" + CSI_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.11.1/node.yaml b/tests/config/driverconfig/powerstore/v2.11.1/node.yaml index 12f8c1d69..b76231685 100644 --- a/tests/config/driverconfig/powerstore/v2.11.1/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.11.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.11.1 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory + type: Directory \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml index f35ca024d..a85d0f248 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml index 9962a0bf8..41abb750c 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml @@ -49,8 +49,7 @@ rules: resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["volumegroup.storage.dell.com"] - resources: - ["dellcsivolumegroupsnapshots", "dellcsivolumegroupsnapshots/status"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] verbs: ["create", "list", "watch", "delete", "update"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -123,13 +122,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: name - operator: In - values: - - -controller - topologyKey: kubernetes.io/hostname + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -226,7 +225,7 @@ spec: - name: driver image: dellemc/csi-powerstore:v2.9.1 imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -268,4 +267,4 @@ spec: name: -config-params - name: powerstore-config secret: - secretName: -config + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml index 0f1b9547f..1d6b34780 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml @@ -24,4 +24,4 @@ spec: fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - - Ephemeral + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml index 7b27ad979..94ce0ee14 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml @@ -22,4 +22,4 @@ metadata: data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "JSON" + CSI_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.9.1/node.yaml b/tests/config/driverconfig/powerstore/v2.9.1/node.yaml index 6d7b43067..96c0bacda 100644 --- a/tests/config/driverconfig/powerstore/v2.9.1/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/node.yaml @@ -92,8 +92,8 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-powerstore:v2.9.1 - imagePullPolicy: IfNotPresent - command: ["/csi-powerstore"] + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] args: - "--array-config=/powerstore-config/config" - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" @@ -241,4 +241,4 @@ spec: - name: var-run hostPath: path: /var/run - type: Directory + type: Directory \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.10.0/bad.yaml b/tests/config/driverconfig/unity/v2.10.0/bad.yaml index f35ca024d..89aaa9556 100644 --- a/tests/config/driverconfig/unity/v2.10.0/bad.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.10.0/controller.yaml b/tests/config/driverconfig/unity/v2.10.0/controller.yaml index de8c2eb41..71c75df44 100644 --- a/tests/config/driverconfig/unity/v2.10.0/controller.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml b/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.10.0/node.yaml b/tests/config/driverconfig/unity/v2.10.0/node.yaml index 69466603f..7de3cced1 100644 --- a/tests/config/driverconfig/unity/v2.10.0/node.yaml +++ b/tests/config/driverconfig/unity/v2.10.0/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.1/bad.yaml b/tests/config/driverconfig/unity/v2.10.1/bad.yaml index f35ca024d..89aaa9556 100644 --- a/tests/config/driverconfig/unity/v2.10.1/bad.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.10.1/controller.yaml b/tests/config/driverconfig/unity/v2.10.1/controller.yaml index 4fda23e47..463fe2381 100644 --- a/tests/config/driverconfig/unity/v2.10.1/controller.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.10.1/node.yaml b/tests/config/driverconfig/unity/v2.10.1/node.yaml index 69466603f..7de3cced1 100644 --- a/tests/config/driverconfig/unity/v2.10.1/node.yaml +++ b/tests/config/driverconfig/unity/v2.10.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.0/bad.yaml b/tests/config/driverconfig/unity/v2.11.0/bad.yaml index f35ca024d..89aaa9556 100644 --- a/tests/config/driverconfig/unity/v2.11.0/bad.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.11.0/controller.yaml b/tests/config/driverconfig/unity/v2.11.0/controller.yaml index 1cd0d1a42..591d51b25 100644 --- a/tests/config/driverconfig/unity/v2.11.0/controller.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml b/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.11.0/node.yaml b/tests/config/driverconfig/unity/v2.11.0/node.yaml index a350652e8..bccf645f9 100644 --- a/tests/config/driverconfig/unity/v2.11.0/node.yaml +++ b/tests/config/driverconfig/unity/v2.11.0/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.1/bad.yaml b/tests/config/driverconfig/unity/v2.11.1/bad.yaml index cf27dd5bf..0e37cfa82 100644 --- a/tests/config/driverconfig/unity/v2.11.1/bad.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.11.1/controller.yaml b/tests/config/driverconfig/unity/v2.11.1/controller.yaml index f6d507f25..c6d0f57a9 100644 --- a/tests/config/driverconfig/unity/v2.11.1/controller.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.11.1/node.yaml b/tests/config/driverconfig/unity/v2.11.1/node.yaml index a350652e8..bccf645f9 100644 --- a/tests/config/driverconfig/unity/v2.11.1/node.yaml +++ b/tests/config/driverconfig/unity/v2.11.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.9.1/bad.yaml b/tests/config/driverconfig/unity/v2.9.1/bad.yaml index f35ca024d..89aaa9556 100644 --- a/tests/config/driverconfig/unity/v2.9.1/bad.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/bad.yaml @@ -14,6 +14,6 @@ # # this snfoiasga -is + is -843*&(*(% invalid YAml + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.9.1/controller.yaml b/tests/config/driverconfig/unity/v2.9.1/controller.yaml index e74471cbd..0b55df66e 100644 --- a/tests/config/driverconfig/unity/v2.9.1/controller.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/controller.yaml @@ -7,7 +7,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: -controller + name: -controller rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -20,7 +20,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "create", "watch", "update"] @@ -29,7 +29,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update","patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] @@ -42,7 +42,7 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - # below for snapshotter +# below for snapshotter - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] @@ -111,13 +111,13 @@ spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - -controller - topologyKey: "kubernetes.io/hostname" + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" containers: - name: attacher image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 @@ -253,7 +253,7 @@ spec: emptyDir: - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml index dbc2496ab..1ef295e21 100644 --- a/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml @@ -1,12 +1,12 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: - name: csi-unity.dellemc.com + name: csi-unity.dellemc.com spec: - attachRequired: true - podInfoOnMount: true - storageCapacity: true - volumeLifecycleModes: - - Persistent - - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.9.1/node.yaml b/tests/config/driverconfig/unity/v2.9.1/node.yaml index 69466603f..7de3cced1 100644 --- a/tests/config/driverconfig/unity/v2.9.1/node.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/node.yaml @@ -76,7 +76,7 @@ spec: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true image: dellemc/csi-unity:nightly - imagePullPolicy: IfNotPresent + imagePullPolicy: IfNotPresent args: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" @@ -183,7 +183,7 @@ spec: path: cert-0 - name: unity-config configMap: - name: -config-params + name: -config-params - name: unity-secret secret: - secretName: -creds + secretName: -creds diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml index e88168225..de8ebbfd3 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_n_minus_1.yaml @@ -44,20 +44,20 @@ spec: value: "" - name: X_CSI_QUOTA_ENABLED value: "false" - + sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.2.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -103,6 +103,7 @@ spec: node: envs: + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -161,7 +162,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,86 +172,87 @@ spec: configVersion: v1.0.3 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: dellemc/csm-application-mobility-controller:v1.0.3 - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: dellemc/csm-application-mobility-controller:v1.0.3 + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.10.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.10.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" + + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: dellemc/csm-application-mobility-velero-plugin:v1.0.3 - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.6.2 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:7be1bef8d72f9916e6f0614d1b0a8c9559c8937f3d343780b22441c2efed314e + - name: dell-custom-velero-plugin + image: dellemc/csm-application-mobility-velero-plugin:v1.0.3 + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.6.2 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:7be1bef8d72f9916e6f0614d1b0a8c9559c8937f3d343780b22441c2efed314e \ No newline at end of file diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml index 4026a7712..0a8152aa4 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_no_velero.yaml @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,86 +171,90 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: false - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: false - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: false - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: false + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: false + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" + + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + + + diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml index 0bd5e4df2..9ea8cafd9 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_vanilla.yaml @@ -2,7 +2,7 @@ apiVersion: storage.dell.com/v1 kind: ContainerStorageModule metadata: name: application-mobility - namespace: test-vxflexos + namespace: test-vxflexos spec: modules: # Application Mobility: enable csm-application-mobility module @@ -12,87 +12,88 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: true - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: true + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" + + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" + + # Name of the backup storage url + # This field has to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" - # Name of the backup storage url - # This field has to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" - - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" - - #If velero is not already present in cluster, set createWithInstall to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console - aws_secret_access_key: console123 + #If velero is not already present in cluster, set createWithInstall to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console + aws_secret_access_key: console123 + # Init containers to be added to the Velero deployment's pod spec. # If the value is a string then it is evaluated as a template. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + #initContainer image for the configuration provider aws + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml index 4e894f97d..eb572f3ec 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,86 +171,90 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" + + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + + + diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml index a889e47ba..5cef645bf 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml @@ -161,7 +161,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,86 +171,90 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: Always - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "2" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: Always + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "2" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: false - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: true - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: true + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" + + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_ALT_BUCKET_NAME" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_ALT_BUCKET_NAME" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "alt-cloud-creds" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "alt-cloud-creds" + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: false + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: false - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + + + diff --git a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml index f7f2b5a3e..0b1df9950 100644 --- a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml @@ -44,20 +44,20 @@ spec: value: "" - name: X_CSI_QUOTA_ENABLED value: "false" - + sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.2.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -103,6 +103,7 @@ spec: node: envs: + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -161,7 +162,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Application Mobility: enable csm-application-mobility module @@ -171,86 +172,90 @@ spec: configVersion: v1.1.0 forceRemoveModule: true components: - - name: application-mobility-controller-manager - # enable: Enable/Disable application mobility controller-manager - enabled: true - image: REPLACE_CONTROLLER_IMAGE - imagePullPolicy: IfNotPresent - envs: - # Replica count for application mobility - # Allowed values: string - # Default value: 1 - - name: "APPLICATION_MOBILITY_REPLICA_COUNT" - value: "1" + - name: application-mobility-controller-manager + # enable: Enable/Disable application mobility controller-manager + enabled: true + image: REPLACE_CONTROLLER_IMAGE + imagePullPolicy: IfNotPresent + envs: + # Replica count for application mobility + # Allowed values: string + # Default value: 1 + - name: "APPLICATION_MOBILITY_REPLICA_COUNT" + value: "1" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: true - # enabled: Enable/Disable Velero - - name: velero - image: velero/velero:v1.14.0 - imagePullPolicy: IfNotPresent - enabled: true - useVolumeSnapshot: false - # enabled: Enable/Disable node-agent service - deployNodeAgent: true - envs: - # Backup storage location name - # Allowed values: string - # Default value: default - - name: "BACKUPSTORAGELOCATION_NAME" - value: "default" + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: true + # enabled: Enable/Disable Velero + - name: velero + image: velero/velero:v1.14.0 + imagePullPolicy: IfNotPresent + enabled: true + useVolumeSnapshot: false + # enabled: Enable/Disable node-agent service + deployNodeAgent: true + envs: + # Backup storage location name + # Allowed values: string + # Default value: default + - name: "BACKUPSTORAGELOCATION_NAME" + value: "default" - # Velero bucket name - # Allowed values: string - # Default value: REPLACE_BUCKET_NAME - - name: "BUCKET_NAME" - value: "REPLACE_BUCKET_NAME" + # Velero bucket name + # Allowed values: string + # Default value: REPLACE_BUCKET_NAME + - name: "BUCKET_NAME" + value: "REPLACE_BUCKET_NAME" - # Based on the objectstore being used, the velero plugin and its configuration may need to change! - # default value: aws - - name: "CONFIGURATION_PROVIDER" - value: "aws" + # Based on the objectstore being used, the velero plugin and its configuration may need to change! + # default value: aws + - name: "CONFIGURATION_PROVIDER" + value: "aws" - # Name of the volume snapshot location where snapshots are being taken. Required. - # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER - # Default value : default - - name: "VOL_SNAPSHOT_LOCATION_NAME" - value: "default" + # Name of the volume snapshot location where snapshots are being taken. Required. + # Volume-snapshot-Location Provider will be same as CONFIGURATION_PROVIDER + # Default value : default + - name: "VOL_SNAPSHOT_LOCATION_NAME" + value: "default" - # Name of the backup storage url - # This field HAS to be changed to a functional backup storage url - # Default value: localhost:8000 - - name: "BACKUP_STORAGE_URL" - value: "http://REPLACE_S3URL" + # Name of the backup storage url + # This field HAS to be changed to a functional backup storage url + # Default value: localhost:8000 + - name: "BACKUP_STORAGE_URL" + value: "http://REPLACE_S3URL" - # Name of the secret in velero namespace that has credentials to access object store - # We can leave the field empty if there no existing secret in velero installed namespace - # Default value: existing-cred - - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" - value: "existing-cred" + # Name of the secret in velero namespace that has credentials to access object store + # We can leave the field empty if there no existing secret in velero installed namespace + # Default value: existing-cred + - name: "APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME" + value: "existing-cred" + + #If velero is not already present in cluster, set enabled to true to create a secret. + #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. + credentials: + - createWithInstall: true + #Specify the name to be used for secret that will be created to hold object store credentials. + name: cloud-creds + #Specify the object store access credentials to be stored in a secret with key "cloud". + secretContents: + aws_access_key_id: console #Provide the access key id here + aws_secret_access_key: console123 #provide the access key here - #If velero is not already present in cluster, set enabled to true to create a secret. - #Either this or APPLICATION_MOBILITY_OBJECT_STORE_SECRET_NAME above must be provided. - credentials: - - createWithInstall: true - #Specify the name to be used for secret that will be created to hold object store credentials. - name: cloud-creds - #Specify the object store access credentials to be stored in a secret with key "cloud". - secretContents: - aws_access_key_id: console #Provide the access key id here - aws_secret_access_key: console123 #provide the access key here # Init containers to be added to the Velero and Node-agent deployment's spec. - initContainer: #initContainer image for the dell velero plugin - - name: dell-custom-velero-plugin - image: REPLACE_PLUGIN_IMAGE - #initContainer image for the configuration provider aws - #digest for velero/velero-plugin-for-aws:v1.10.0 - - name: velero-plugin-for-aws - image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + - name: dell-custom-velero-plugin + image: REPLACE_PLUGIN_IMAGE + #initContainer image for the configuration provider aws + #digest for velero/velero-plugin-for-aws:v1.10.0 + - name: velero-plugin-for-aws + image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc + + + diff --git a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml index 0bd3f9acb..cce702a88 100644 --- a/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/velero-values.yaml @@ -1,3 +1,4 @@ + # values file for installing velero # will be used to test operator behavior when velero is installed already (not technically supported config) @@ -16,8 +17,9 @@ image: tag: v1.14.0 pullPolicy: IfNotPresent + credentials: - useSecret: true + useSecret: true name: existing-cloud-creds secretContents: cloud: | @@ -25,6 +27,7 @@ credentials: aws_access_key_id=console aws_secret_access_key=console123 + configuration: # Cloud provider being used (e.g. aws, azure, gcp). @@ -33,8 +36,11 @@ configuration: provider: aws bucket: REPLACE_BUCKET_NAME default: true - config: - { region: minio, s3ForcePathStyle: true, s3Url: http://REPLACE_S3URL } + config: { + region: minio, + s3ForcePathStyle: true, + s3Url: http://REPLACE_S3URL + } volumeSnapshotLocation: - name: default @@ -44,10 +50,10 @@ initContainers: - name: dell-custom-velero-plugin image: REPLACE_PLUGIN_IMAGE volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins - name: velero-plugin-for-aws image: velero/velero-plugin-for-aws@sha256:0b4fe36bbd5c7e484750bf21e25274cecbb72b30b097a72dc3e599430590bdfc volumeMounts: - - mountPath: /target - name: plugins + - mountPath: /target + name: plugins diff --git a/tests/e2e/testfiles/appmob-values.yaml b/tests/e2e/testfiles/appmob-values.yaml index a21788761..36bfe76b2 100644 --- a/tests/e2e/testfiles/appmob-values.yaml +++ b/tests/e2e/testfiles/appmob-values.yaml @@ -151,3 +151,4 @@ name: verify app-mobility run: - sh verify-app-mobility.sh + diff --git a/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml b/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml index 048bc1e26..0fedf9f7d 100644 --- a/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml @@ -12,6 +12,7 @@ spec: pollInterval: 30s --- + apiVersion: csm-authorization.storage.dell.com/v1alpha1 kind: CSMRole metadata: @@ -29,6 +30,7 @@ spec: pool: "REPLACE_STORAGE_POOL_PATH" --- + apiVersion: csm-authorization.storage.dell.com/v1alpha1 kind: CSMTenant metadata: diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml index bf6a720d7..8c885df97 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_crds.yaml @@ -14,126 +14,125 @@ spec: singular: csmrole scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMRole is the Schema for the csmroles API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMRoleSpec defines the desired state of CSMRole - properties: - pool: - type: string - quota: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - systemID: - type: string - systemType: - type: string - type: object - status: - description: CSMRoleStatus defines the observed state of CSMRole - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMRole is the Schema for the csmroles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMRoleSpec defines the desired state of CSMRole + properties: + pool: + type: string + quota: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + systemID: + type: string + systemType: + type: string + type: object + status: + description: CSMRoleStatus defines the observed state of CSMRole + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + Role.status.conditions.type are: "Available", "NotAvailable", and "UnKnown" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -150,130 +149,129 @@ spec: singular: csmtenant scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSMTenant is the Schema for the csmtenants API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CSMTenantSpec defines the desired state of CSMTenant - properties: - approveSdc: - type: boolean - revoke: - type: boolean - roles: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - volumePrefix: - maxLength: 3 - minLength: 1 - type: string - required: - - approveSdc - - revoke - type: object - status: - description: CSMTenantStatus defines the observed state of CSMTenant - properties: - conditions: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CSMTenant is the Schema for the csmtenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CSMTenantSpec defines the desired state of CSMTenant + properties: + approveSdc: + type: boolean + revoke: + type: boolean + roles: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + volumePrefix: + maxLength: 3 + minLength: 1 + type: string + required: + - approveSdc + - revoke + type: object + status: + description: CSMTenantStatus defines the observed state of CSMTenant + properties: + conditions: + description: |- + INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + Important: Run "make" to regenerate code after modifying this file + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -290,130 +288,128 @@ spec: singular: storage scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Storage is the Schema for the storages API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: StorageSpec defines the desired state of Storage - properties: - credentialPath: - type: string - credentialStore: - type: string - endpoint: - type: string - pollInterval: - type: string - skipCertificateValidation: - type: boolean - systemID: - type: string - type: - description: |- - INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file - type: string - required: - - skipCertificateValidation - type: object - status: - description: StorageStatus defines the observed state of Storage - properties: - conditions: - description: - 'Storage.status.conditions.type are: "Available", "NotAvailable", - and "UnKnown"' - items: - description: - "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Storage is the Schema for the storages API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: StorageSpec defines the desired state of Storage + properties: + credentialPath: + type: string + credentialStore: + type: string + endpoint: + type: string + pollInterval: + type: string + skipCertificateValidation: + type: boolean + systemID: + type: string + type: + description: |- + INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file + type: string + required: + - skipCertificateValidation + type: object + status: + description: StorageStatus defines the observed state of Storage + properties: + conditions: + description: 'Storage.status.conditions.type are: "Available", "NotAvailable", + and "UnKnown"' + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml index ada8ee2a1..2a9d0fffa 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_local_storage.yaml @@ -15,7 +15,7 @@ spec: storage: 8Gi volumeMode: Filesystem accessModes: - - ReadWriteOnce + - ReadWriteOnce persistentVolumeReclaimPolicy: Delete storageClassName: local-storage hostPath: diff --git a/tests/e2e/testfiles/cert-manager-crds.yaml b/tests/e2e/testfiles/cert-manager-crds.yaml index 60163e264..0ea3f19b0 100644 --- a/tests/e2e/testfiles/cert-manager-crds.yaml +++ b/tests/e2e/testfiles/cert-manager-crds.yaml @@ -23,9 +23,9 @@ kind: CustomResourceDefinition metadata: name: clusterissuers.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -62,10 +62,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -101,7 +101,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." + description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' type: string enum: - HS256 @@ -120,7 +120,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -136,16 +136,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." + description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' type: boolean solvers: - description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" + description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -172,7 +172,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string host: type: string @@ -195,7 +195,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -207,7 +207,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -219,7 +219,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string serviceConsumerDomain: type: string @@ -243,7 +243,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -296,14 +296,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' type: object required: - name @@ -312,7 +312,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -324,7 +324,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string email: description: Email of the account, only required when using API key based authentication. @@ -351,7 +351,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -363,7 +363,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -378,7 +378,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -387,10 +387,10 @@ spec: - region properties: accessKeyID: - description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string accessKeyIDSecretRef: - description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -399,7 +399,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -411,7 +411,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -420,7 +420,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -452,7 +452,7 @@ spec: additionalProperties: type: string parentRefs: - description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" + description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -1022,7 +1022,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object additionalProperties: type: string @@ -1141,7 +1141,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -1166,7 +1166,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -1178,7 +1178,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -1194,7 +1194,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -1227,7 +1227,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -1250,7 +1250,7 @@ spec: - name properties: name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -1318,9 +1318,9 @@ kind: CustomResourceDefinition metadata: name: challenges.acme.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -1360,10 +1360,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -1401,7 +1401,7 @@ spec: description: Name of the resource being referred to. type: string key: - description: "The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content." + description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content.' type: string solver: description: Contains the domain solving configuration that should be used to solve this challenge resource. @@ -1428,7 +1428,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string host: type: string @@ -1451,7 +1451,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1463,7 +1463,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -1475,7 +1475,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string serviceConsumerDomain: type: string @@ -1499,7 +1499,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -1552,14 +1552,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' type: object required: - name @@ -1568,7 +1568,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -1580,7 +1580,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string email: description: Email of the account, only required when using API key based authentication. @@ -1607,7 +1607,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -1619,7 +1619,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -1634,7 +1634,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -1643,10 +1643,10 @@ spec: - region properties: accessKeyID: - description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string accessKeyIDSecretRef: - description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -1655,7 +1655,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -1667,7 +1667,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -1676,7 +1676,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -1708,7 +1708,7 @@ spec: additionalProperties: type: string parentRefs: - description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" + description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -2278,7 +2278,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object additionalProperties: type: string @@ -2382,9 +2382,9 @@ kind: CustomResourceDefinition metadata: name: certificaterequests.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2436,10 +2436,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2582,9 +2582,9 @@ kind: CustomResourceDefinition metadata: name: issuers.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -2621,10 +2621,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -2660,7 +2660,7 @@ spec: - keySecretRef properties: keyAlgorithm: - description: "Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme." + description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' type: string enum: - HS256 @@ -2679,7 +2679,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string preferredChain: description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' @@ -2695,16 +2695,16 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string server: description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' type: string skipTLSVerify: - description: "INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false." + description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' type: boolean solvers: - description: "Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/" + description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' type: array items: description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. @@ -2731,7 +2731,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string host: type: string @@ -2754,7 +2754,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientSecretSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2766,7 +2766,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string clientTokenSecretRef: description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. @@ -2778,7 +2778,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string serviceConsumerDomain: type: string @@ -2802,7 +2802,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -2855,14 +2855,14 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: "API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions." + description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' type: object required: - name @@ -2871,7 +2871,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -2883,7 +2883,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string email: description: Email of the account, only required when using API key based authentication. @@ -2910,7 +2910,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string rfc2136: description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. @@ -2922,7 +2922,7 @@ spec: description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. type: string tsigAlgorithm: - description: "The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``." + description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' type: string tsigKeyName: description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. @@ -2937,7 +2937,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -2946,10 +2946,10 @@ spec: - region properties: accessKeyID: - description: "The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: string accessKeyIDSecretRef: - description: "The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -2958,7 +2958,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. @@ -2970,7 +2970,7 @@ spec: description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: "The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials" + description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' type: object required: - name @@ -2979,7 +2979,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string webhook: description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. @@ -3011,7 +3011,7 @@ spec: additionalProperties: type: string parentRefs: - description: "When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways" + description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' type: array items: description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." @@ -3581,7 +3581,7 @@ spec: description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. type: string nodeSelector: - description: "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/" + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object additionalProperties: type: string @@ -3700,7 +3700,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string kubernetes: description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. @@ -3725,7 +3725,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string tokenSecretRef: description: TokenSecretRef authenticates with Vault by presenting a token. @@ -3737,7 +3737,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string caBundle: description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -3753,7 +3753,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' @@ -3786,7 +3786,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". @@ -3809,7 +3809,7 @@ spec: - name properties: name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string url: description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' @@ -3877,9 +3877,9 @@ kind: CustomResourceDefinition metadata: name: certificates.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -3926,10 +3926,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -3956,7 +3956,7 @@ spec: - DER - CombinedPEM commonName: - description: "CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4" + description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' type: string dnsNames: description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate. @@ -4021,7 +4021,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string pkcs12: description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. @@ -4043,7 +4043,7 @@ spec: description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. type: string name: - description: "Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" + description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string literalSubject: description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. @@ -4250,9 +4250,9 @@ kind: CustomResourceDefinition metadata: name: orders.acme.cert-manager.io labels: - app: "cert-manager" - app.kubernetes.io/name: "cert-manager" - app.kubernetes.io/instance: "cert-manager" + app: 'cert-manager' + app.kubernetes.io/name: 'cert-manager' + app.kubernetes.io/instance: 'cert-manager' # Generated labels app.kubernetes.io/version: "v1.11.0" spec: @@ -4295,10 +4295,10 @@ spec: - spec properties: apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -4504,8 +4504,7 @@ rules: resources: ["events"] verbs: ["get", "create", "update", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: - ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] @@ -4580,17 +4579,10 @@ metadata: app.kubernetes.io/version: "v1.11.0" rules: - apiGroups: ["cert-manager.io"] - resources: - [ - "certificates", - "certificates/status", - "certificaterequests", - "certificaterequests/status", - ] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] verbs: ["update", "patch"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "clusterissuers", "issuers"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] verbs: ["get", "list", "watch"] # We require these rules to support users with the OwnerReferencesPermissionEnforcement # admission controller enabled: @@ -4686,8 +4678,8 @@ rules: - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch", "create", "delete", "update"] - - apiGroups: ["gateway.networking.k8s.io"] - resources: ["httproutes"] + - apiGroups: [ "gateway.networking.k8s.io" ] + resources: [ "httproutes" ] verbs: ["get", "list", "watch", "create", "delete", "update"] # We require the ability to specify a custom hostname when we are creating # new ingress resources. @@ -4723,8 +4715,7 @@ rules: resources: ["certificates", "certificaterequests"] verbs: ["create", "update", "delete"] - apiGroups: ["cert-manager.io"] - resources: - ["certificates", "certificaterequests", "issuers", "clusterissuers"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] @@ -4807,8 +4798,7 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] --- # Source: cert-manager/templates/rbac.yaml # Permission to: @@ -4833,8 +4823,7 @@ rules: verbs: ["update", "patch"] - apiGroups: ["certificates.k8s.io"] resources: ["signers"] - resourceNames: - ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] verbs: ["sign"] - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4852,9 +4841,9 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -5052,10 +5041,10 @@ roleRef: kind: ClusterRole name: cert-manager-webhook:subjectaccessreviews subjects: - - apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: cert-manager +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager --- # Source: cert-manager/templates/cainjector-rbac.yaml # leader election rules @@ -5078,11 +5067,7 @@ rules: # see cmd/cainjector/start.go#L137 - apiGroups: ["coordination.k8s.io"] resources: ["leases"] - resourceNames: - [ - "cert-manager-cainjector-leader-election", - "cert-manager-cainjector-leader-election-core", - ] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] verbs: ["get", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5122,15 +5107,15 @@ metadata: app.kubernetes.io/component: "webhook" app.kubernetes.io/version: "v1.11.0" rules: - - apiGroups: [""] - resources: ["secrets"] - resourceNames: - - "cert-manager-webhook-ca" - verbs: ["get", "list", "watch", "update"] - # It's not possible to grant CREATE permission on a single resourceName. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] +- apiGroups: [""] + resources: ["secrets"] + resourceNames: + - 'cert-manager-webhook-ca' + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] --- # Source: cert-manager/templates/cainjector-rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -5196,10 +5181,10 @@ roleRef: kind: Role name: cert-manager-webhook:dynamic-serving subjects: - - apiGroup: "" - kind: ServiceAccount - name: cert-manager-webhook - namespace: cert-manager +- apiGroup: "" + kind: ServiceAccount + name: cert-manager-webhook + namespace: cert-manager --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -5216,10 +5201,10 @@ metadata: spec: type: ClusterIP ports: - - protocol: TCP - port: 9402 - name: tcp-prometheus-servicemonitor - targetPort: 9402 + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 selector: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager @@ -5240,10 +5225,10 @@ metadata: spec: type: ClusterIP ports: - - name: https - port: 443 - protocol: TCP - targetPort: "https" + - name: https + port: 443 + protocol: TCP + targetPort: "https" selector: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager @@ -5288,18 +5273,18 @@ spec: image: "quay.io/jetstack/cert-manager-cainjector:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --leader-election-namespace=kube-system + - --v=2 + - --leader-election-namespace=kube-system env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL nodeSelector: kubernetes.io/os: linux --- @@ -5333,8 +5318,8 @@ spec: app.kubernetes.io/version: "v1.11.0" annotations: prometheus.io/path: "/metrics" - prometheus.io/scrape: "true" - prometheus.io/port: "9402" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' spec: serviceAccountName: cert-manager securityContext: @@ -5346,25 +5331,25 @@ spec: image: "quay.io/jetstack/cert-manager-controller:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 - - --max-concurrent-challenges=60 + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.11.0 + - --max-concurrent-challenges=60 ports: - - containerPort: 9402 - name: http-metrics - protocol: TCP + - containerPort: 9402 + name: http-metrics + protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5407,21 +5392,21 @@ spec: image: "quay.io/jetstack/cert-manager-webhook:v1.11.0" imagePullPolicy: IfNotPresent args: - - --v=2 - - --secure-port=10250 - - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=cert-manager-webhook + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) + - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc + ports: - - name: https - protocol: TCP - containerPort: 10250 - - name: healthcheck - protocol: TCP - containerPort: 6080 + - name: https + protocol: TCP + containerPort: 10250 + - name: healthcheck + protocol: TCP + containerPort: 6080 livenessProbe: httpGet: path: /livez @@ -5446,12 +5431,12 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace nodeSelector: kubernetes.io/os: linux --- @@ -5513,14 +5498,14 @@ webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager rules: - apiGroups: - "cert-manager.io" diff --git a/tests/e2e/testfiles/connectivity-values.yaml b/tests/e2e/testfiles/connectivity-values.yaml index 2eb849c22..2932d933b 100644 --- a/tests/e2e/testfiles/connectivity-values.yaml +++ b/tests/e2e/testfiles/connectivity-values.yaml @@ -33,27 +33,27 @@ - scenario: "Validate role/rolebindings created for brownfield-onboard scenario" paths: - - "testfiles/connectivity_client.yaml" - - "testfiles/storage_csm_powerflex.yaml" + - "testfiles/connectivity_client.yaml" + - "testfiles/storage_csm_powerflex.yaml" tags: - - "sanity" - - "client" + - "sanity" + - "client" steps: - - "Given a client environment with k8s or openshift, and CSM operator installed" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Apply custom resource [2]" - - "Validate custom resource [2]" - - "Validate [powerflex] driver from CR [2] is installed" - - "Install connectivity client from CR [1]" - - "Validate connectivity client from CR [1] is installed" - - "Validate rbac created in namespace [test-vxflexos]" - - "Uninstall connectivity client from CR [1]" - - "Validate connectivity client from CR [1] is not installed" - - "Validate connectivity client rbac objects are removed from all namespaces" - - "Enable forceRemoveDriver on CR [2]" - - "Delete custom resource [2]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" + - "Given a client environment with k8s or openshift, and CSM operator installed" + - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" + - "Apply custom resource [2]" + - "Validate custom resource [2]" + - "Validate [powerflex] driver from CR [2] is installed" + - "Install connectivity client from CR [1]" + - "Validate connectivity client from CR [1] is installed" + - "Validate rbac created in namespace [test-vxflexos]" + - "Uninstall connectivity client from CR [1]" + - "Validate connectivity client from CR [1] is not installed" + - "Validate connectivity client rbac objects are removed from all namespaces" + - "Enable forceRemoveDriver on CR [2]" + - "Delete custom resource [2]" + - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" + - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - scenario: "Validate rbac objects created for brownfield scenario when the client is running and CSM is created" paths: diff --git a/tests/e2e/testfiles/pflex-pscale-values.yaml b/tests/e2e/testfiles/pflex-pscale-values.yaml index 8f63f83ff..e1f0f8155 100644 --- a/tests/e2e/testfiles/pflex-pscale-values.yaml +++ b/tests/e2e/testfiles/pflex-pscale-values.yaml @@ -17,7 +17,7 @@ - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" customTest: name: Cert CSI - run: + run: - ./cert-csi test vio --sc op-e2e-isilon --chainNumber 2 --chainLength 2 - scenario: "Uninstall PowerScale Driver" @@ -54,7 +54,7 @@ - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" customTest: name: Cert CSI - run: + run: - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - scenario: "Uninstall PowerFlex Driver" @@ -141,7 +141,7 @@ name: Cert CSI run: - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - + - scenario: Install PowerFlex Driver(With Authorization), Disable Authorization module" paths: - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" @@ -205,3 +205,7 @@ - "Delete custom resource [1]" - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" + + + + diff --git a/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml b/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml index 57616d621..ab5af5ad7 100644 --- a/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml +++ b/tests/e2e/testfiles/powerflex-templates/powerflex-secret-template.yaml @@ -3,6 +3,7 @@ systemID: REPLACE_SYSTEMID endpoint: https://REPLACE_ENDPOINT skipCertificateValidation: true - isDefault: true + isDefault: true mdm: REPLACE_MDM nasName: "none" + diff --git a/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml b/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml index 3886bb552..981b3d108 100644 --- a/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml +++ b/tests/e2e/testfiles/powerflex-templates/powerflex-storageclass-template.yaml @@ -9,11 +9,11 @@ reclaimPolicy: Delete allowVolumeExpansion: true parameters: storagepool: REPLACE_POOL - systemID: REPLACE_SYSTEMID + systemID: REPLACE_SYSTEMID csi.storage.k8s.io/fstype: ext4 volumeBindingMode: WaitForFirstConsumer allowedTopologies: - - matchLabelExpressions: - - key: csi-vxflexos.dellemc.com/REPLACE_SYSTEMID - values: - - csi-vxflexos.dellemc.com +- matchLabelExpressions: + - key: csi-vxflexos.dellemc.com/REPLACE_SYSTEMID + values: + - csi-vxflexos.dellemc.com diff --git a/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml b/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml index e58830dcc..7dfb5690f 100644 --- a/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml +++ b/tests/e2e/testfiles/powermax-templates/powermax-secret-template.yaml @@ -12,4 +12,4 @@ data: # if authorization is enabled, password will be ignored password: "REPLACE_PASS" # Uncomment the following key if you wish to use ISCSI CHAP authentication (v1.3.0 onwards) - # chapsecret: + # chapsecret: \ No newline at end of file diff --git a/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml b/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml index f0629b09f..7ad1001b0 100644 --- a/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml +++ b/tests/e2e/testfiles/powermax-templates/powermax-storageclass-template.yaml @@ -20,3 +20,4 @@ allowedTopologies: - key: csi-powermax.dellemc.com/REPLACE_SYSTEMID.iscsi values: - csi-powermax.dellemc.com + diff --git a/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml b/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml index f77d51908..d3f3a8fc4 100644 --- a/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml +++ b/tests/e2e/testfiles/powermax-templates/powermax_reverse_proxy_config.yaml @@ -28,4 +28,4 @@ standAloneConfig: managementServers: - url: "https://REPLACE_AUTH_ENDPOINT:9400" arrayCredentialSecret: powermax-creds - skipCertificateValidation: true + skipCertificateValidation: true \ No newline at end of file diff --git a/tests/e2e/testfiles/powerscale-cert-secret-0.yaml b/tests/e2e/testfiles/powerscale-cert-secret-0.yaml index 5f7b2274b..cdfc73c59 100644 --- a/tests/e2e/testfiles/powerscale-cert-secret-0.yaml +++ b/tests/e2e/testfiles/powerscale-cert-secret-0.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: powerscale-certs-0 - namespace: dell + name: powerscale-certs-0 + namespace: dell type: Opaque data: - cert-0: "" + cert-0: "" diff --git a/tests/e2e/testfiles/powerscale-cert-secret-1.yaml b/tests/e2e/testfiles/powerscale-cert-secret-1.yaml index a902f0042..7a0e1dd60 100644 --- a/tests/e2e/testfiles/powerscale-cert-secret-1.yaml +++ b/tests/e2e/testfiles/powerscale-cert-secret-1.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: powerscale-certs-1 - namespace: dell + name: powerscale-certs-1 + namespace: dell type: Opaque data: - cert-0: "" + cert-0: "" diff --git a/tests/e2e/testfiles/powerscale-cert-secret-2.yaml b/tests/e2e/testfiles/powerscale-cert-secret-2.yaml index 1f7e52bcf..1989102ee 100644 --- a/tests/e2e/testfiles/powerscale-cert-secret-2.yaml +++ b/tests/e2e/testfiles/powerscale-cert-secret-2.yaml @@ -1,8 +1,8 @@ apiVersion: v1 kind: Secret metadata: - name: powerscale-certs-2 - namespace: dell + name: powerscale-certs-2 + namespace: dell type: Opaque data: - cert-0: "" + cert-0: "" diff --git a/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml b/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml index d39d78e1a..06fec65c3 100644 --- a/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml +++ b/tests/e2e/testfiles/powerscale-sc-alt-ifs.yaml @@ -61,6 +61,7 @@ parameters: # until a Pod using the PersistentVolumeClaim is created # Default value: Immediate volumeBindingMode: Immediate + # allowedTopologies helps scheduling pods on worker nodes which match all of below expressions. # If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies # Change all instances of to the IP of the PowerScale OneFS API server diff --git a/tests/e2e/testfiles/powerscale-sc.yaml b/tests/e2e/testfiles/powerscale-sc.yaml index 151d9bd3a..070795671 100644 --- a/tests/e2e/testfiles/powerscale-sc.yaml +++ b/tests/e2e/testfiles/powerscale-sc.yaml @@ -61,6 +61,7 @@ parameters: # until a Pod using the PersistentVolumeClaim is created # Default value: Immediate volumeBindingMode: Immediate + # allowedTopologies helps scheduling pods on worker nodes which match all of below expressions. # If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies # Change all instances of to the IP of the PowerScale OneFS API server diff --git a/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml b/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml index 9fd749538..6114c64f0 100644 --- a/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml +++ b/tests/e2e/testfiles/powerstore-templates/powerstore-secret-template.yaml @@ -1,9 +1,9 @@ arrays: - endpoint: "https://REPLACE_ENDPOINT/api/rest" globalID: REPLACE_GLOBALID - username: REPLACE_USER + username: REPLACE_USER password: REPLACE_PASS skipCertificateValidation: true isDefault: true blockProtocol: "auto" - nasName: "Generic_NAS" + nasName: "Generic_NAS" \ No newline at end of file diff --git a/tests/e2e/testfiles/sample-application/kustomization.yaml b/tests/e2e/testfiles/sample-application/kustomization.yaml index b587f6939..1ac36f340 100644 --- a/tests/e2e/testfiles/sample-application/kustomization.yaml +++ b/tests/e2e/testfiles/sample-application/kustomization.yaml @@ -1,7 +1,7 @@ secretGenerator: - - name: mysql-pass - literals: - - password=dangerous +- name: mysql-pass + literals: + - password=dangerous resources: - mysql-deployment.yaml - wordpress-deployment.yaml diff --git a/tests/e2e/testfiles/sample-application/mysql-deployment.yaml b/tests/e2e/testfiles/sample-application/mysql-deployment.yaml index f557f7cc1..65f5dbbaa 100644 --- a/tests/e2e/testfiles/sample-application/mysql-deployment.yaml +++ b/tests/e2e/testfiles/sample-application/mysql-deployment.yaml @@ -46,21 +46,21 @@ spec: tier: mysql spec: containers: - - image: mysql:5.6 + - image: mysql:5.6 + name: mysql + env: + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + ports: + - containerPort: 3306 name: mysql - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-pass - key: password - ports: - - containerPort: 3306 - name: mysql - volumeMounts: - - name: mysql-persistent-storage - mountPath: /var/lib/mysql - volumes: + volumeMounts: - name: mysql-persistent-storage - persistentVolumeClaim: - claimName: mysql-pv-claim + mountPath: /var/lib/mysql + volumes: + - name: mysql-persistent-storage + persistentVolumeClaim: + claimName: mysql-pv-claim diff --git a/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml b/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml index 1f5198718..7bd656f1f 100644 --- a/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml +++ b/tests/e2e/testfiles/sample-application/wordpress-deployment.yaml @@ -10,7 +10,7 @@ spec: selector: app: wordpress tier: frontend - type: NodePort + type: NodePort --- apiVersion: v1 kind: PersistentVolumeClaim @@ -47,26 +47,26 @@ spec: spec: securityContext: sysctls: - - name: net.ipv4.ip_unprivileged_port_start - value: "0" + - name: net.ipv4.ip_unprivileged_port_start + value: "0" containers: - - image: wordpress:6.3.1-apache + - image: wordpress:6.3.1-apache + name: wordpress + env: + - name: WORDPRESS_DB_HOST + value: wordpress-mysql + - name: WORDPRESS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: mysql-pass + key: password + ports: + - containerPort: 80 name: wordpress - env: - - name: WORDPRESS_DB_HOST - value: wordpress-mysql - - name: WORDPRESS_DB_PASSWORD - valueFrom: - secretKeyRef: - name: mysql-pass - key: password - ports: - - containerPort: 80 - name: wordpress - volumeMounts: - - name: wordpress-persistent-storage - mountPath: /var/www/html - volumes: + volumeMounts: - name: wordpress-persistent-storage - persistentVolumeClaim: - claimName: wp-pv-claim + mountPath: /var/www/html + volumes: + - name: wordpress-persistent-storage + persistentVolumeClaim: + claimName: wp-pv-claim diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index 4332d8b2f..f5bc86d77 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -16,8 +16,8 @@ # Upgrade from V1 to V2 is not supported - scenario: "Install Authorization Proxy Server V1 and upgrade" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 tags: - "authorizationproxyserver" steps: @@ -96,8 +96,8 @@ - scenario: "Install Authorization Proxy Server & PowerFlex Driver (With Authorization V1), Upgrade both Authorization Proxy Server and PowerFlex Driver" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 + - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 - "testfiles/storage_csm_powerflex_auth_n_minus_1.yaml" - "testfiles/storage_csm_powerflex_auth.yaml" tags: @@ -1649,6 +1649,7 @@ run: - cert-csi test vio --sc op-e2e-pmax --chainNumber 2 --chainLength 2 + - scenario: "Install Powermax Driver(Standalone), Enable Resiliency" paths: - "testfiles/storage_csm_powermax.yaml" @@ -1668,6 +1669,7 @@ - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" + - scenario: "Install Powermax Driver(With Resiliency), Disable Resiliency module" paths: - "testfiles/storage_csm_powermax_resiliency.yaml" @@ -1686,3 +1688,4 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" + diff --git a/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml b/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml index 5db0de92c..207f1622d 100644 --- a/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml +++ b/tests/e2e/testfiles/scenarios_observability_upgrade_with_powerscale.yaml @@ -15,7 +15,7 @@ - "Validate [powerscale] driver from CR [1] is installed" - "Validate [observability] module from CR [1] is installed" - "Run custom test" - + #upgrade - "Upgrade from custom resource [1] to [2]" - "Validate custom resource [2]" @@ -26,4 +26,4 @@ # cleanup - "Enable forceRemoveDriver on CR [1]" - "Delete custom resource [1]" - - "Delete custom resource [2]" + - "Delete custom resource [2]" \ No newline at end of file diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml index 08a1d8428..a7a22f5de 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth_driver_only_upgrade.yaml @@ -36,19 +36,20 @@ spec: - name: "CERT_SECRET_COUNT" value: "0" + sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5.2.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.225.109.64,10.225.109.65" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.225.109.64,10.225.109.65" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -130,7 +131,7 @@ spec: name: sdc envs: - name: MDM - value: "10.x.x.x,10.x.x.x" #provide MDM value + value: "10.x.x.x,10.x.x.x" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization @@ -138,13 +139,13 @@ spec: enabled: true configVersion: v1.11.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.11.0 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.11.0 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" \ No newline at end of file diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml index 2441557ca..6dbe6a072 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml @@ -36,19 +36,20 @@ spec: - name: "CERT_SECRET_COUNT" value: "0" + sideCars: - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:4.5 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.x.x.x,10.x.x.x" #provide MDM value + - name: HOST_PID + value: "1" + - name: MDM + value: "10.x.x.x,10.x.x.x" #provide MDM value - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -130,7 +131,7 @@ spec: name: sdc envs: - name: MDM - value: "10.225.109.64,10.225.109.65" #provide MDM value + value: "10.225.109.64,10.225.109.65" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC - name: authorization @@ -138,13 +139,13 @@ spec: enabled: true configVersion: v1.11.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.11.0 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.11.0 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml b/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml index ebe2943d5..827e79e5f 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_downgrade.yaml @@ -42,22 +42,22 @@ spec: value: "false" sideCars: - # 'k8s' represents a string prepended to each volume created by the CSI driver + # 'k8s' represents a string prepended to each volume created by the CSI driver - name: provisioner args: ["--volume-name-prefix=k8s"] - # sdc-monitor is disabled by default, due to high CPU usage + # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor enabled: false image: dellemc/sdc:3.6.1 envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - name: csi-external-health-monitor-controller enabled: false args: ["--monitor-interval=60s"] @@ -103,6 +103,7 @@ spec: node: envs: + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval # Allowed values: # true: enable SDC approval @@ -134,6 +135,8 @@ spec: - name: X_CSI_MAX_VOLUMES_PER_NODE value: "0" + + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset # Leave as blank to use all nodes # Allowed values: map of key-value pairs @@ -156,7 +159,7 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" @@ -182,7 +185,7 @@ spec: name: sdc envs: - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value modules: # Authorization: enable csm-authorization for RBAC @@ -191,16 +194,16 @@ spec: enabled: false configVersion: v1.9.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.0 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # observability: allows to configure observability - name: observability @@ -326,52 +329,52 @@ spec: enabled: false configVersion: v1.7.0 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.7.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerflex" + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.7.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" - name: resiliency # enabled: Enable/Disable Resiliency feature diff --git a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml index 4ef8b1773..562b560a7 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml @@ -145,7 +145,7 @@ spec: # - key: "node-role.kubernetes.io/master" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index d25470dea..f493dac1d 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,27 +242,27 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key - # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" - name: resiliency # enabled: Enable/Disable Resiliency feature # Allowed values: @@ -306,4 +306,4 @@ spec: - "--csisock=unix:/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock" - "--mode=node" - "--driver-config-params=/powermax-config-params/driver-config-params.yaml" - - "--driverPath=csi-powermax.dellemc.com" + - "--driverPath=csi-powermax.dellemc.com" \ No newline at end of file diff --git a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml index 08c3056ce..f472d4ea5 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_authorization.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,27 +242,27 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key - # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" # Authorization: enable csm-authorization for RBAC - name: authorization # enable: Enable/Disable csm-authorization @@ -277,4 +277,4 @@ spec: value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + value: "true" \ No newline at end of file diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 1f2dd042b..4ae990a75 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,28 +242,28 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key - # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" - + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" + # observability: allows to configure observability - name: observability # enabled: Enable/Disable observability diff --git a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml index 1feba38db..4e929ac82 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_resiliency.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,27 +242,27 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key - # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "false" + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "false" - name: resiliency # enabled: Enable/Disable Resiliency feature # Allowed values: diff --git a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml index fc0a656a4..6bbf5d2bd 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml @@ -225,7 +225,7 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity @@ -277,4 +277,4 @@ spec: value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + value: "true" \ No newline at end of file diff --git a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml index e19e67fd6..0beb3709b 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_sidecar.yaml @@ -225,9 +225,9 @@ spec: # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false - args: ["--monitor-interval=60s"] + args: [ "--monitor-interval=60s" ] image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1 - + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure only when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -242,24 +242,24 @@ spec: forceRemoveModule: true configVersion: v2.10.0 components: - - name: csipowermax-reverseproxy - # image: Define the container images used for the reverse proxy + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:nightly + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly - envs: - # "tlsSecret" defines the TLS secret that is created with certificate - # and its associated key - # Default value: None - # Example: "tls-secret" - - name: X_CSI_REVPROXY_TLS_SECRET - value: "csirevproxy-tls-secret" - - name: X_CSI_REVPROXY_PORT - value: "2222" - - name: X_CSI_CONFIG_MAP_NAME - value: "powermax-reverseproxy-config" - # deployAsSidecar defines the way reversproxy is installed with the driver - # set it true, if csm-auth is enabled / you want it as a sidecar container - # set it false, if you want it as a deployment - - name: "DeployAsSidecar" - value: "true" + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + # deployAsSidecar defines the way reversproxy is installed with the driver + # set it true, if csm-auth is enabled / you want it as a sidecar container + # set it false, if you want it as a deployment + - name: "DeployAsSidecar" + value: "true" \ No newline at end of file diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 8ff25f164..168efdebb 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -1,488 +1,488 @@ -apiVersion: storage.dell.com/v1 -kind: ContainerStorageModule -metadata: - name: isilon - namespace: isilon -spec: - driver: - csiDriverType: "isilon" - csiDriverSpec: - # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. - # Allowed values: ReadWriteOnceWithFSType, File , None - # Default value: ReadWriteOnceWithFSType - fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.11.0 - authSecret: isilon-creds - replicas: 2 - dnsPolicy: ClusterFirstWithHostNet - # Uninstall CSI Driver and/or modules when CR is deleted - forceRemoveDriver: true - common: - image: "dellemc/csi-isilon:nightly" - imagePullPolicy: IfNotPresent - envs: - # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs - # Allowed Values: - # 0: log full content of the HTTP request and response - # 1: log without the HTTP response body - # 2: log only 1st line of the HTTP request and response - # Default value: 0 - - name: X_CSI_VERBOSE - value: "1" - - # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server - # This value acts as a default value for endpointPort, if not specified for a cluster config in secret - # Allowed value: valid port number - # Default value: 8080 - - name: X_CSI_ISI_PORT - value: "8080" - - # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. - # This value acts as a default value for isiPath, if not specified for a cluster config in secret - # Ensure that this path exists on PowerScale cluster. - # Allowed values: unix absolute path - # Default value: /ifs - # Examples: /ifs/data/csi, /ifs/engineering - - name: X_CSI_ISI_PATH - value: "/ifs/data/csi" - - # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization - # Allowed values: - # true : do not probe all PowerScale clusters during driver initialization - # false: probe all PowerScale clusters during driver initialization - # Default value: false - - name: X_CSI_ISI_NO_PROBE_ON_START - value: "false" - - # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. - # Allowed values: - # true : enable auto probe. - # false: disable auto probe. - # Default value: false - - name: X_CSI_ISI_AUTOPROBE - value: "true" - - # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. - # Formerly this attribute was named as "X_CSI_ISI_INSECURE" - # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret - # Allowed values: - # true: skip OneFS API server's certificate verification - # false: verify OneFS API server's certificates - # Default value: true - - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION - value: "true" - - # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: - # has to be used for making connection to backend PowerScale Array. - # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. - # Allowed values: - # true : enable custom topology - # false: disable custom topology - # Default value: false - - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED - value: "false" - - # Specify kubelet config dir path. - # Ensure that the config.yaml file is present at this path. - # Default value: None - - name: KUBELET_CONFIG_DIR - value: "/var/lib/kubelet" - - # certSecretCount: Represents number of certificate secrets, which user is going to create for - # ssl authentication. (isilon-cert-0..isilon-cert-n) - # Allowed values: n, where n > 0 - # Default value: None - - name: "CERT_SECRET_COUNT" - value: "1" - - # CSI driver log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "CSI_LOG_LEVEL" - value: "debug" - - controller: - envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of controller deployment. - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controller deployment, if required. - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - node: - envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of node daemonset - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the node daemonset, if required. - # Default value: None - tolerations: - # - key: "node.kubernetes.io/memory-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/disk-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/network-unavailable" - # operator: "Exists" - # effect: "NoExecute" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - sideCars: - - name: provisioner - args: ["--volume-name-prefix=csipscale"] - # health monitor is disabled by default, refer to driver documentation before enabling it - - name: external-health-monitor - enabled: false - args: ["--monitor-interval=60s"] - - modules: - # Authorization: enable csm-authorization for RBAC - - name: authorization - # enable: Enable/Disable csm-authorization - enabled: false - configVersion: v1.11.0 - components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" - - # replication: allows to configure replication - # Replication CRDs must be installed before installing driver - - name: replication - # enabled: Enable/Disable replication feature - # Allowed values: - # true: enable replication feature(install dell-csi-replicator sidecar) - # false: disable replication feature(do not install dell-csi-replicator sidecar) - # Default value: false - enabled: false - configVersion: v1.9.0 - components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 - - # observability: allows to configure observability - - name: observability - # enabled: Enable/Disable observability - enabled: true - configVersion: v1.9.0 - components: - - name: topology - # enabled: Enable/Disable topology - enabled: true - # image: Defines karavi-topology image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-topology:nightly - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # topology log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "TOPOLOGY_LOG_LEVEL" - value: "INFO" - - - name: otel-collector - # enabled: Enable/Disable OpenTelemetry Collector - enabled: true - # image: Defines otel-collector image. This shouldn't be changed - # Allowed values: string - image: otel/opentelemetry-collector:0.42.0 - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # image of nginx proxy image - # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.20" - - name: "NGINX_PROXY_IMAGE" - value: "nginxinc/nginx-unprivileged:1.20" - - - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - enabled: true - - - name: metrics-powerscale - # enabled: Enable/Disable PowerScale metrics - enabled: true - # image: Defines PowerScale metrics image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-metrics-powerscale:nightly - envs: - # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale - # Allowed values: int - # Default value: 10 - - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" - value: "10" - # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" - value: "true" - # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" - value: "true" - # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data - # Allowed values: int - # Default value: 30 - - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" - value: "30" - # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" - value: "20" - # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" - value: "30" - # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_INSECURE" - value: "true" - # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_AUTH_TYPE" - value: "0" - # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs - # Allowed values: 0,1,2 - # Default value: 0 - - name: "ISICLIENT_VERBOSE" - value: "0" - # PowerScale metrics log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "POWERSCALE_LOG_LEVEL" - value: "INFO" - # PowerScale Metrics Output logs in the specified format - # Valid values: TEXT, JSON - # Default value: "TEXT" - - name: "POWERSCALE_LOG_FORMAT" - value: "TEXT" - # Otel collector address - # Allowed values: String - # Default value: "otel-collector:55680" - - name: "COLLECTOR_ADDRESS" - value: "otel-collector:55680" - - name: resiliency - # enabled: Enable/Disable Resiliency feature - # Allowed values: - # true: enable Resiliency feature(deploy podmon sidecar) - # false: disable Resiliency feature(do not deploy podmon sidecar) - # Default value: false - enabled: false - configVersion: v1.10.0 - components: - - name: podmon-controller - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - args: - - "--csisock=unix:/var/run/csi/csi.sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=controller" - - "--skipArrayConnectionValidation=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - - name: podmon-node - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - envs: - # podmonAPIPort: Defines the port to be used within the kubernetes cluster - # Allowed values: Any valid and free port (string) - # Default value: 8083 - - name: "X_CSI_PODMON_API_PORT" - value: "8083" - args: - - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=node" - - "--leaderelection=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + configVersion: v2.11.0 + authSecret: isilon-creds + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + # Uninstall CSI Driver and/or modules when CR is deleted + forceRemoveDriver: true + common: + image: "dellemc/csi-isilon:nightly" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs + # Allowed Values: + # 0: log full content of the HTTP request and response + # 1: log without the HTTP response body + # 2: log only 1st line of the HTTP request and response + # Default value: 0 + - name: X_CSI_VERBOSE + value: "1" + + # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server + # This value acts as a default value for endpointPort, if not specified for a cluster config in secret + # Allowed value: valid port number + # Default value: 8080 + - name: X_CSI_ISI_PORT + value: "8080" + + # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. + # This value acts as a default value for isiPath, if not specified for a cluster config in secret + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: /ifs + # Examples: /ifs/data/csi, /ifs/engineering + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + + # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization + # Allowed values: + # true : do not probe all PowerScale clusters during driver initialization + # false: probe all PowerScale clusters during driver initialization + # Default value: false + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + + # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. + # Allowed values: + # true : enable auto probe. + # false: disable auto probe. + # Default value: false + - name: X_CSI_ISI_AUTOPROBE + value: "true" + + # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Formerly this attribute was named as "X_CSI_ISI_INSECURE" + # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: true + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + + # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: + # has to be used for making connection to backend PowerScale Array. + # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. + # Allowed values: + # true : enable custom topology + # false: disable custom topology + # Default value: false + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + + # certSecretCount: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (isilon-cert-0..isilon-cert-n) + # Allowed values: n, where n > 0 + # Default value: None + - name: "CERT_SECRET_COUNT" + value: "1" + + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "debug" + + controller: + envs: + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. + # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + sideCars: + - name: provisioner + args: ["--volume-name-prefix=csipscale"] + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.11.0 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.9.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: true + configVersion: v1.9.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: true + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true + + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + enabled: true + # image: Defines PowerScale metrics image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-metrics-powerscale:nightly + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "0" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.10.0 + components: + - name: podmon-controller + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + args: + - "--csisock=unix:/var/run/csi/csi.sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=controller" + - "--skipArrayConnectionValidation=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - name: podmon-node + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=node" + - "--leaderelection=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index cdc6b083f..04b344e4a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -1,488 +1,488 @@ -apiVersion: storage.dell.com/v1 -kind: ContainerStorageModule -metadata: - name: isilon - namespace: isilon -spec: - driver: - csiDriverType: "isilon" - csiDriverSpec: - # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. - # Allowed values: ReadWriteOnceWithFSType, File , None - # Default value: ReadWriteOnceWithFSType - fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.11.0 - authSecret: isilon-creds - replicas: 2 - dnsPolicy: ClusterFirstWithHostNet - # Uninstall CSI Driver and/or modules when CR is deleted - forceRemoveDriver: true - common: - image: "dellemc/csi-isilon:nightly" - imagePullPolicy: IfNotPresent - envs: - # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs - # Allowed Values: - # 0: log full content of the HTTP request and response - # 1: log without the HTTP response body - # 2: log only 1st line of the HTTP request and response - # Default value: 0 - - name: X_CSI_VERBOSE - value: "1" - - # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server - # This value acts as a default value for endpointPort, if not specified for a cluster config in secret - # Allowed value: valid port number - # Default value: 8080 - - name: X_CSI_ISI_PORT - value: "8080" - - # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. - # This value acts as a default value for isiPath, if not specified for a cluster config in secret - # Ensure that this path exists on PowerScale cluster. - # Allowed values: unix absolute path - # Default value: /ifs - # Examples: /ifs/data/csi, /ifs/engineering - - name: X_CSI_ISI_PATH - value: "/ifs/data/csi" - - # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization - # Allowed values: - # true : do not probe all PowerScale clusters during driver initialization - # false: probe all PowerScale clusters during driver initialization - # Default value: false - - name: X_CSI_ISI_NO_PROBE_ON_START - value: "false" - - # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. - # Allowed values: - # true : enable auto probe. - # false: disable auto probe. - # Default value: false - - name: X_CSI_ISI_AUTOPROBE - value: "true" - - # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. - # Formerly this attribute was named as "X_CSI_ISI_INSECURE" - # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret - # Allowed values: - # true: skip OneFS API server's certificate verification - # false: verify OneFS API server's certificates - # Default value: true - - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION - value: "true" - - # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: - # has to be used for making connection to backend PowerScale Array. - # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. - # Allowed values: - # true : enable custom topology - # false: disable custom topology - # Default value: false - - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED - value: "false" - - # Specify kubelet config dir path. - # Ensure that the config.yaml file is present at this path. - # Default value: None - - name: KUBELET_CONFIG_DIR - value: "/var/lib/kubelet" - - # certSecretCount: Represents number of certificate secrets, which user is going to create for - # ssl authentication. (isilon-cert-0..isilon-cert-n) - # Allowed values: n, where n > 0 - # Default value: None - - name: "CERT_SECRET_COUNT" - value: "1" - - # CSI driver log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "CSI_LOG_LEVEL" - value: "debug" - - controller: - envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of controller deployment. - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controller deployment, if required. - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - node: - envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" - - # nodeSelector: Define node selection constraints for pods of node daemonset - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the node daemonset, if required. - # Default value: None - tolerations: - # - key: "node.kubernetes.io/memory-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/disk-pressure" - # operator: "Exists" - # effect: "NoExecute" - # - key: "node.kubernetes.io/network-unavailable" - # operator: "Exists" - # effect: "NoExecute" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - - sideCars: - - name: provisioner - args: ["--volume-name-prefix=csipscale"] - # health monitor is disabled by default, refer to driver documentation before enabling it - - name: external-health-monitor - enabled: false - args: ["--monitor-interval=60s"] - - modules: - # Authorization: enable csm-authorization for RBAC - - name: authorization - # enable: Enable/Disable csm-authorization - enabled: false - configVersion: v1.11.0 - components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" - - # replication: allows to configure replication - # Replication CRDs must be installed before installing driver - - name: replication - # enabled: Enable/Disable replication feature - # Allowed values: - # true: enable replication feature(install dell-csi-replicator sidecar) - # false: disable replication feature(do not install dell-csi-replicator sidecar) - # Default value: false - enabled: false - configVersion: v1.9.0 - components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed - # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 - - # observability: allows to configure observability - - name: observability - # enabled: Enable/Disable observability - enabled: true - configVersion: v1.9.0 - components: - - name: topology - # enabled: Enable/Disable topology - enabled: true - # image: Defines karavi-topology image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-topology:nightly - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeUl4ZGdOMDQ3Z2ZONU9Id0hxYTI5RzVnd3Q5M2VidnEwZVdnZE5RWXUvUU91YktoCkNyVmFDekFwc0xoUXJ5YThDODlrUzN1ZkRzSzN6N2hySEV4Z25XOGc3Ri9XTjVpaXYzcU9GcDk2ZVc4VFR5UHIKYVZLSld6bGsvcUloVnZIRlRsU25OY3JiU2VuOUZIcWZkeEZwN3ozVUl3bVVrZk8vTTQ1RHkrcDU2cmdqOW4vSQo2L1ZraTFlcWpQSDdXWU52SUFyTWtKb2UwYUhZVUk3amt3RGdTemRNYzJzN1I5NWxQTFY1MDgxdFNCWTJtNno0ClRrdXZLUHRtUWdaTC9ySi9pR1EwS1U5MmJkRVAvVEg1UnhJMkR2dlNwUEs1UkhzTEhPVDdUZWV5NGJXU1VQemIKU0cwUUFBNG9ScjU1djNVWG5pZjBMcDRENDlOcXB0UitFc2ZMdndJREFRQUJBb0lCQUUva2V5dG05ZEw5a094cApoYnJ3TjFwUXpvTlRlc2tvTDNmR3ZwRk1IVDVqRDZxeW1xMGxhZVdqSGppa2RLQVNFait5TXdaUERTSllOOW1zClloODMzaFZadkFmdWRleFlCaDI1dVBrU056eEJIN1FiWHlEcUhJWVc2MEQxWGNyQkxoVHliRnBsb2M1a1JNbnYKdjY4elpMeEdLVWg3L0kvWVJvZEhXWUxXdWhMaTYvVGpKMGNJbWlOVWxMeWhXNHJrUXRveUZmelYvWkZpZGYvWApSYjQwRHRCRk1QbytVdFRBbnJuTlF3UDN2cEF5U09OV2U3MW45dS9XdFlwYzVNeDJGaGZFbm5PcTlZcVNEMVNQCm5hUC9OUndOQ2xOY1BleWZaSU84SytWT3MvbFpBOGErMXREWTZzOFVOTHBvcm42YkRWdEsweU4rTU9YK1FLaXEKTG9KeDZtRUNnWUVBNlU3ZU96OEcybG9wd245ald6YXBobG5TU2RFTHZobS95cllNMy9TN2puTkRYNkd3TkRlKwpFQTFINUs1UDRLNnlleFMvZEllaWo4bDhiRytVb0V3Rm9pOVIxaTdGR21DL1p6WTRpa2IyQXI0MU8yV29kVk9UCkRjNnBjdmlkWnp5ZjJWaGlTMFNLZ3ZodDdzSTlQcjFyZWlyNW9TYXBuUC9hUFhCTkl3dDh3V01DZ1lFQTNBM1AKODNrOUlPdjNNUWhiL1JiUDVBRWZYaW85U0hJNW1oekFLankxY2M1WDdadjI2SmpIc21RNGQrb0s0UjljMGFIWApETDFBRlYrWTkyRTU4ZVE1SXJhQ3JTQVAwYk45bENqLzdEMDFrT2ZnTis5QXJzVy8yc0tFcFRtZENtc3ZGb1JuClNOUzBNYmpDdmQxOEtYdWNFYmdoZzZTcjZwaGN2QWVoaGtpcjZQVUNnWUVBcFl0bXVKZENINUUyYkdIRGVDZFQKSnBkNVZSTlZ4Nit4blA2TUtDVVpLRHkxSTVndzFQeHdpaWRDU2dzOWRtbS9Ed0pyengybXhXdnNNMjBCQXJTdQprcVFNNTNNTVBHbEZwdENjVWRHRUlmSWhCMkpjbzlPSFZwYTdPVzhiRVBPOVlKVU1PZWdLZUdBYWNQMjJRMXhZCmRMa2xvNmt4Vk10ZWFaWFR4ZmdTcjQwQ2dZRUF3K2lnSEZqeHJSK213TVo2YndZaUt4RTh4ZTdCQklCOCs5RmcKMjdtVXFDOVdaTG9YeGRoTzRXa01ST1hlcmJIb1J0SFl6UVNueXQrREphb3Zsa1RqQVI2UGxHWVk3MDduSEVLcwpKYndRdG1OWllUTGwyVE5BclJmRVUvekk3UCtqdWw1Q1BicndlZHZOdEk4OC9RbUpWdFVoTVR3bnVnSFBmYThsCmhKR3FTd2tDZ1lFQW1UKzJQY1VIdVZuYXU1ZjVYMXZPaVI1aGtyNEZYUFhwZVVRZDVyMFZZazBsb01Yc3FQVGsKc0lZN0lmSUlRZ01xbFNnUVhMeVBpbjJPWEN1ZnBKTlVDRlJRamtMV2ZCZW1QbEh6N2hjNURvVHJEU1doOUtETApNak9HL3d4ckRwZGlvRnZmcVA3bldIeGk3UzAxNXpHNHhtbkg2WUZ1TThuaHpyU3NSQzhzV20wPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" - envs: - # topology log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "TOPOLOGY_LOG_LEVEL" - value: "INFO" - - - name: otel-collector - # enabled: Enable/Disable OpenTelemetry Collector - enabled: false - # image: Defines otel-collector image. This shouldn't be changed - # Allowed values: string - image: otel/opentelemetry-collector:0.42.0 - # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # image of nginx proxy image - # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.20" - - name: "NGINX_PROXY_IMAGE" - value: "nginxinc/nginx-unprivileged:1.20" - - - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true - enabled: true - - - name: metrics-powerscale - # enabled: Enable/Disable PowerScale metrics - enabled: false - # image: Defines PowerScale metrics image. This shouldn't be changed - # Allowed values: string - image: dellemc/csm-metrics-powerscale:nightly - envs: - # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale - # Allowed values: int - # Default value: 10 - - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" - value: "10" - # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" - value: "true" - # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" - value: "true" - # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data - # Allowed values: int - # Default value: 30 - - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" - value: "30" - # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" - value: "20" - # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data - # Allowed values: int - # Default value: 20 - - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" - value: "30" - # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_INSECURE" - value: "true" - # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication - # Allowed values: ture, false - # Default value: true - - name: "ISICLIENT_AUTH_TYPE" - value: "0" - # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs - # Allowed values: 0,1,2 - # Default value: 0 - - name: "ISICLIENT_VERBOSE" - value: "0" - # PowerScale metrics log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "POWERSCALE_LOG_LEVEL" - value: "INFO" - # PowerScale Metrics Output logs in the specified format - # Valid values: TEXT, JSON - # Default value: "TEXT" - - name: "POWERSCALE_LOG_FORMAT" - value: "TEXT" - # Otel collector address - # Allowed values: String - # Default value: "otel-collector:55680" - - name: "COLLECTOR_ADDRESS" - value: "otel-collector:55680" - - name: resiliency - # enabled: Enable/Disable Resiliency feature - # Allowed values: - # true: enable Resiliency feature(deploy podmon sidecar) - # false: disable Resiliency feature(do not deploy podmon sidecar) - # Default value: false - enabled: false - configVersion: v1.10.0 - components: - - name: podmon-controller - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - args: - - "--csisock=unix:/var/run/csi/csi.sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=controller" - - "--skipArrayConnectionValidation=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - - name: podmon-node - image: dellemc/podmon:nightly - imagePullPolicy: IfNotPresent - envs: - # podmonAPIPort: Defines the port to be used within the kubernetes cluster - # Allowed values: Any valid and free port (string) - # Default value: 8083 - - name: "X_CSI_PODMON_API_PORT" - value: "8083" - args: - - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" - - "--labelvalue=csi-isilon" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-isilon.dellemc.com" - - "--mode=node" - - "--leaderelection=false" - - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + configVersion: v2.11.0 + authSecret: isilon-creds + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + # Uninstall CSI Driver and/or modules when CR is deleted + forceRemoveDriver: true + common: + image: "dellemc/csi-isilon:nightly" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs + # Allowed Values: + # 0: log full content of the HTTP request and response + # 1: log without the HTTP response body + # 2: log only 1st line of the HTTP request and response + # Default value: 0 + - name: X_CSI_VERBOSE + value: "1" + + # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server + # This value acts as a default value for endpointPort, if not specified for a cluster config in secret + # Allowed value: valid port number + # Default value: 8080 + - name: X_CSI_ISI_PORT + value: "8080" + + # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. + # This value acts as a default value for isiPath, if not specified for a cluster config in secret + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: /ifs + # Examples: /ifs/data/csi, /ifs/engineering + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + + # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization + # Allowed values: + # true : do not probe all PowerScale clusters during driver initialization + # false: probe all PowerScale clusters during driver initialization + # Default value: false + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + + # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. + # Allowed values: + # true : enable auto probe. + # false: disable auto probe. + # Default value: false + - name: X_CSI_ISI_AUTOPROBE + value: "true" + + # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Formerly this attribute was named as "X_CSI_ISI_INSECURE" + # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: true + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + + # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: + # has to be used for making connection to backend PowerScale Array. + # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. + # Allowed values: + # true : enable custom topology + # false: disable custom topology + # Default value: false + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + + # certSecretCount: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (isilon-cert-0..isilon-cert-n) + # Allowed values: n, where n > 0 + # Default value: None + - name: "CERT_SECRET_COUNT" + value: "1" + + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "debug" + + controller: + envs: + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. + # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + sideCars: + - name: provisioner + args: ["--volume-name-prefix=csipscale"] + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.11.0 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.9.0 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: true + configVersion: v1.9.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: true + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:nightly + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeUl4ZGdOMDQ3Z2ZONU9Id0hxYTI5RzVnd3Q5M2VidnEwZVdnZE5RWXUvUU91YktoCkNyVmFDekFwc0xoUXJ5YThDODlrUzN1ZkRzSzN6N2hySEV4Z25XOGc3Ri9XTjVpaXYzcU9GcDk2ZVc4VFR5UHIKYVZLSld6bGsvcUloVnZIRlRsU25OY3JiU2VuOUZIcWZkeEZwN3ozVUl3bVVrZk8vTTQ1RHkrcDU2cmdqOW4vSQo2L1ZraTFlcWpQSDdXWU52SUFyTWtKb2UwYUhZVUk3amt3RGdTemRNYzJzN1I5NWxQTFY1MDgxdFNCWTJtNno0ClRrdXZLUHRtUWdaTC9ySi9pR1EwS1U5MmJkRVAvVEg1UnhJMkR2dlNwUEs1UkhzTEhPVDdUZWV5NGJXU1VQemIKU0cwUUFBNG9ScjU1djNVWG5pZjBMcDRENDlOcXB0UitFc2ZMdndJREFRQUJBb0lCQUUva2V5dG05ZEw5a094cApoYnJ3TjFwUXpvTlRlc2tvTDNmR3ZwRk1IVDVqRDZxeW1xMGxhZVdqSGppa2RLQVNFait5TXdaUERTSllOOW1zClloODMzaFZadkFmdWRleFlCaDI1dVBrU056eEJIN1FiWHlEcUhJWVc2MEQxWGNyQkxoVHliRnBsb2M1a1JNbnYKdjY4elpMeEdLVWg3L0kvWVJvZEhXWUxXdWhMaTYvVGpKMGNJbWlOVWxMeWhXNHJrUXRveUZmelYvWkZpZGYvWApSYjQwRHRCRk1QbytVdFRBbnJuTlF3UDN2cEF5U09OV2U3MW45dS9XdFlwYzVNeDJGaGZFbm5PcTlZcVNEMVNQCm5hUC9OUndOQ2xOY1BleWZaSU84SytWT3MvbFpBOGErMXREWTZzOFVOTHBvcm42YkRWdEsweU4rTU9YK1FLaXEKTG9KeDZtRUNnWUVBNlU3ZU96OEcybG9wd245ald6YXBobG5TU2RFTHZobS95cllNMy9TN2puTkRYNkd3TkRlKwpFQTFINUs1UDRLNnlleFMvZEllaWo4bDhiRytVb0V3Rm9pOVIxaTdGR21DL1p6WTRpa2IyQXI0MU8yV29kVk9UCkRjNnBjdmlkWnp5ZjJWaGlTMFNLZ3ZodDdzSTlQcjFyZWlyNW9TYXBuUC9hUFhCTkl3dDh3V01DZ1lFQTNBM1AKODNrOUlPdjNNUWhiL1JiUDVBRWZYaW85U0hJNW1oekFLankxY2M1WDdadjI2SmpIc21RNGQrb0s0UjljMGFIWApETDFBRlYrWTkyRTU4ZVE1SXJhQ3JTQVAwYk45bENqLzdEMDFrT2ZnTis5QXJzVy8yc0tFcFRtZENtc3ZGb1JuClNOUzBNYmpDdmQxOEtYdWNFYmdoZzZTcjZwaGN2QWVoaGtpcjZQVUNnWUVBcFl0bXVKZENINUUyYkdIRGVDZFQKSnBkNVZSTlZ4Nit4blA2TUtDVVpLRHkxSTVndzFQeHdpaWRDU2dzOWRtbS9Ed0pyengybXhXdnNNMjBCQXJTdQprcVFNNTNNTVBHbEZwdENjVWRHRUlmSWhCMkpjbzlPSFZwYTdPVzhiRVBPOVlKVU1PZWdLZUdBYWNQMjJRMXhZCmRMa2xvNmt4Vk10ZWFaWFR4ZmdTcjQwQ2dZRUF3K2lnSEZqeHJSK213TVo2YndZaUt4RTh4ZTdCQklCOCs5RmcKMjdtVXFDOVdaTG9YeGRoTzRXa01ST1hlcmJIb1J0SFl6UVNueXQrREphb3Zsa1RqQVI2UGxHWVk3MDduSEVLcwpKYndRdG1OWllUTGwyVE5BclJmRVUvekk3UCtqdWw1Q1BicndlZHZOdEk4OC9RbUpWdFVoTVR3bnVnSFBmYThsCmhKR3FTd2tDZ1lFQW1UKzJQY1VIdVZuYXU1ZjVYMXZPaVI1aGtyNEZYUFhwZVVRZDVyMFZZazBsb01Yc3FQVGsKc0lZN0lmSUlRZ01xbFNnUVhMeVBpbjJPWEN1ZnBKTlVDRlJRamtMV2ZCZW1QbEh6N2hjNURvVHJEU1doOUtETApNak9HL3d4ckRwZGlvRnZmcVA3bldIeGk3UzAxNXpHNHhtbkg2WUZ1TThuaHpyU3NSQzhzV20wPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: private key for cert/private-key pair -- please add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + enabled: true + + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + enabled: false + # image: Defines PowerScale metrics image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-metrics-powerscale:nightly + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "0" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.10.0 + components: + - name: podmon-controller + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + args: + - "--csisock=unix:/var/run/csi/csi.sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=controller" + - "--skipArrayConnectionValidation=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - name: podmon-node + image: dellemc/podmon:nightly + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--driverPath=csi-isilon.dellemc.com" + - "--mode=node" + - "--leaderelection=false" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml index 8fc037dab..bc142a779 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val1.yaml @@ -103,54 +103,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -172,38 +172,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -247,16 +247,16 @@ spec: enabled: false configVersion: v1.10.1 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -269,58 +269,58 @@ spec: enabled: false configVersion: v1.9.0 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 # observability: allows to configure observability - name: observability @@ -371,11 +371,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true enabled: true - name: metrics-powerscale diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml index 8ff25f164..a35add2bd 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_val2.yaml @@ -103,54 +103,54 @@ spec: controller: envs: - # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota - # on a newly provisioned volume. - # This requires SmartQuotas to be enabled on PowerScale cluster. - # Allowed values: - # true: set quota for volume - # false: do not set quota for volume - - name: X_CSI_ISI_QUOTA_ENABLED - value: "true" - - # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. - # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. - # Default value: System - # Examples: System, zone1 - - name: X_CSI_ISI_ACCESS_ZONE - value: "System" - - # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS - value: "0777" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. - # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the - # same exports are unresolvable/doesn't exist anymore. - # Allowed values: - # true: ignore existing unresolvable hosts and append new host to the existing export - # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails - # Default value: false - - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS - value: "false" + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of controller deployment. # For the pod to be eligible to run on a node, the node must have each @@ -172,38 +172,38 @@ spec: node: envs: - # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. - # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. - # Allowed values: n, where n >= 0 - # Default value: 0 - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - - # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "[net1, net2]" - # CIDR format should be used - # eg: "[192.168.1.0/24, 192.168.100.0/22]" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" - # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. - # Default value: 192 - # Examples: 192, 256 - - name: X_CSI_MAX_PATH_LIMIT - value: "192" + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" # nodeSelector: Define node selection constraints for pods of node daemonset # For the pod to be eligible to run on a node, the node must have each @@ -247,16 +247,16 @@ spec: enabled: false configVersion: v1.11.0 components: - - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:nightly + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" # replication: allows to configure replication # Replication CRDs must be installed before installing driver @@ -269,58 +269,58 @@ spec: enabled: false configVersion: v1.9.0 components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.9.0 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string - # Default value: None - image: dellemc/dell-csi-replicator:v1.9.0 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - # Default value: powerstore - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerscale" - - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string - image: dellemc/dell-replication-controller:v1.9.0 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "self" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - - name: dell-replication-controller-init - # image: Defines replication init container image. This shouldn't be changed + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.9.0 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration # Allowed values: string - image: dellemc/dell-replication-init:v1.0.0 + - name: "TARGET_CLUSTERS_IDS" + value: "self" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: dell-replication-controller-init + # image: Defines replication init container image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-init:v1.0.0 # observability: allows to configure observability - name: observability @@ -371,11 +371,11 @@ spec: value: "nginxinc/nginx-unprivileged:1.20" - name: cert-manager - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: true + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true enabled: true - name: metrics-powerscale diff --git a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml index badf06f20..d23513205 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml @@ -225,7 +225,7 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" diff --git a/tests/e2e/testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/storage_csm_powerstore.yaml index 75ca96cc6..06ee947c2 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore.yaml @@ -82,7 +82,7 @@ spec: value: "false" # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: + # Default Value: - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS value: # nodeSelector: Define node selection constraints for controller pods. diff --git a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml index 349712d23..e54191e89 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml @@ -82,7 +82,7 @@ spec: value: "false" # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: + # Default Value: - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS value: # nodeSelector: Define node selection constraints for controller pods. From b2a5f84124299a6429ab23311b5aaa1d1c35a245 Mon Sep 17 00:00:00 2001 From: Harshita Pandey Date: Fri, 27 Sep 2024 12:49:34 +0530 Subject: [PATCH 22/33] Fixing issues with Powermax creds and storageclass --- tests/e2e/testfiles/scenarios.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index f5bc86d77..3484b8419 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -1554,8 +1554,8 @@ - "powermax" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Create storageclass with name [powermax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmaxCreds]" + - "Create storageclass with name [op-e2e-pmax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" + - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powermax] driver from CR [1] is installed" @@ -1568,7 +1568,7 @@ customTest: name: Cert CSI run: - - cert-csi test vio --sc powermax --chainNumber 2 --chainLength 2 + - cert-csi test vio --sc op-e2e-pmax --chainNumber 2 --chainLength 2 - scenario: "Install PowerMax Driver(Sidecar)" paths: @@ -1577,8 +1577,8 @@ - "powermax" steps: - "Given an environment with k8s or openshift, and CSM operator installed" - - "Create storageclass with name [powermax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmaxCreds]" + - "Create storageclass with name [op-e2e-pmax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" + - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powermax] driver from CR [1] is installed" @@ -1591,7 +1591,7 @@ customTest: name: Cert CSI run: - - cert-csi test vio --sc powermax --chainNumber 2 --chainLength 2 + - cert-csi test vio --sc op-e2e-pmax --chainNumber 2 --chainLength 2 - scenario: "Install PowerMax Driver(With Observability)" paths: @@ -1602,7 +1602,7 @@ steps: - "Given an environment with k8s or openshift, and CSM operator installed" - "Create storageclass with name [op-e2e-pmax] and template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] name [powermax-creds] in namespace [powermax] for [pmaxCreds]" + - "Set up creds with template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" - "Apply custom resource [1]" - "Validate custom resource [1]" - "Validate [powermax] driver from CR [1] is installed" From 66b0a27f05a648236c7b32c44b2e8aa000e3e373 Mon Sep 17 00:00:00 2001 From: Akshay Saini <109056238+AkshaySainiDell@users.noreply.github.com> Date: Fri, 27 Sep 2024 04:03:14 -0500 Subject: [PATCH 23/33] Add PSCALE_PORT in e2e/array-info.sh --- tests/e2e/array-info.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/e2e/array-info.sh b/tests/e2e/array-info.sh index ffc841995..a8c3a166f 100755 --- a/tests/e2e/array-info.sh +++ b/tests/e2e/array-info.sh @@ -39,7 +39,8 @@ export PFLEX_TENANT_PREFIX="tn1" export PSCALE_CLUSTER="Isilon-System-Name" export PSCALE_USER="username" export PSCALE_PASS="password" -export PSCALE_ENDPOINT="1.1.1.1:8080" +export PSCALE_ENDPOINT="1.1.1.1" +export PSCALE_PORT="8080" export PSCALE_AUTH_ENDPOINT="localhost" export PSCALE_AUTH_PORT="9400" # The following are Authorization Proxy Server specific for powerscale: From 02d3018c017df773d58aeb1f452981ac95873a71 Mon Sep 17 00:00:00 2001 From: Rishabh Raj Date: Fri, 27 Sep 2024 11:34:43 +0000 Subject: [PATCH 24/33] removed ocp/1.6.1 samples --- .../1.6.1/storage_csm_powerflex_v2110.yaml | 406 ------------------ .../1.6.1/storage_csm_powerstore_v2111.yaml | 216 ---------- .../ocp/1.6.1/storage_csm_unity_v2111.yaml | 168 -------- 3 files changed, 790 deletions(-) delete mode 100644 samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml delete mode 100644 samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml delete mode 100644 samples/ocp/1.6.1/storage_csm_unity_v2111.yaml diff --git a/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml b/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml deleted file mode 100644 index 6891adc32..000000000 --- a/samples/ocp/1.6.1/storage_csm_powerflex_v2110.yaml +++ /dev/null @@ -1,406 +0,0 @@ -apiVersion: storage.dell.com/v1 -kind: ContainerStorageModule -metadata: - name: vxflexos - namespace: vxflexos -spec: - driver: - csiDriverType: "powerflex" - csiDriverSpec: - # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field - # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. - # Allowed values: ReadWriteOnceWithFSType, File , None - # Default value: ReadWriteOnceWithFSType - fSGroupPolicy: "File" - # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array - # Allowed values: - # true: enable storage capacity tracking - # false: disable storage capacity tracking - storageCapacity: true - configVersion: v2.11.0 - replicas: 1 - dnsPolicy: ClusterFirstWithHostNet - forceUpdate: false - forceRemoveDriver: true - common: - image: "registry.connect.redhat.com/dell-emc/csi-vxflexos@sha256:a4e96d11be8920f01b273748a8cf8cfc60515403640f77f101a13f7d79056e23" - imagePullPolicy: IfNotPresent - envs: - - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT - value: "false" - - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE - value: "false" - - name: X_CSI_DEBUG - value: "true" - # Specify kubelet config dir path. - # Ensure that the config.yaml file is present at this path. - # Default value: /var/lib/kubelet - - name: KUBELET_CONFIG_DIR - value: "/var/lib/kubelet" - - name: "CERT_SECRET_COUNT" - value: "0" - - name: X_CSI_QUOTA_ENABLED - value: "false" - sideCars: - # 'k8s' represents a string prepended to each volume created by the CSI driver - - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner@sha256:405a14e1aa702f7ea133cea459e8395fe40a6125c088c55569e696d48e1bd385 - args: ["--volume-name-prefix=k8s"] - - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher@sha256:b4d611100ece2f9bc980d1cb19c2285b8868da261e3b1ee8f45448ab5512ab94 - - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:f25af73ee708ff9c82595ae99493cdef9295bd96953366cddf36305f82555dac - - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer@sha256:a541e6cc2d8b011bb21b1d4ffec6b090e85270cce6276ee302d86153eec0af43 - - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:2e04046334baf9be425bb0fa1d04c2d1720d770825eedbdbcdb10d430da4ad8c - - name: csi-metadata-retriever - image: registry.connect.redhat.com/dell-emc/csi-metadata-retriever@sha256:abf97fc03ff59147ef0cd9ec3e58fcd5ef499aa9c13da53a8b99731884cb87d9 - # sdc-monitor is disabled by default, due to high CPU usage - - name: sdc-monitor - enabled: false - image: docker.io/dellemc/sdc@sha256:84d21e0bf603c1af86d937faa8950faa9d5aa53e9fb37af16cf77e9632004e33 - envs: - - name: HOST_PID - value: "1" - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # do not add mdm value here if it is present in secret - # health monitor is disabled by default, refer to driver documentation before enabling it - # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". - - name: csi-external-health-monitor-controller - enabled: false - args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:7ecd3509367bcc2db5d599cdff9f3afb6f13e7b664a10785dec2459c7ee50a9c - # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity - # Configure when the storageCapacity is set as "true" - # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m - # - name: provisioner - # args: ["--capacity-poll-interval=5m"] - - controller: - envs: - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. - # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: None - - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS - value: - # "controller.nodeSelector" defines what nodes would be selected for pods of controller deployment - # Leave as blank to use all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint - # node-role.kubernetes.io/master: "" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # "controller.tolerations" defines tolerations that would be applied to controller deployment - # Leave as blank to install controller on worker nodes - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint - # - key: "node-role.kubernetes.io/master" - # operator: "Exists" - # effect: "NoSchedule" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - node: - envs: - # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval - # Allowed values: - # true: enable SDC approval - # false: disable SDC approval - # Default value: false - - name: X_CSI_APPROVE_SDC_ENABLED - value: "false" - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC - # Allowed values: - # true: enable renaming - # false: disable renaming - # Default value: false - - name: X_CSI_RENAME_SDC_ENABLED - value: "false" - # X_CSI_RENAME_SDC_PREFIX: defines a string for prefix of the SDC name. - # "prefix" + "worker_node_hostname" should not exceed 31 chars. - # Default value: none - # Examples: "rhel-sdc", "sdc-test" - - name: X_CSI_RENAME_SDC_PREFIX - value: "" - # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node - # Allowed values: Any value greater than or equal to 0 - # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. - # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. - # Default value: "0" - - name: X_CSI_MAX_VOLUMES_PER_NODE - value: "0" - # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset - # Leave as blank to use all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint - # node-role.kubernetes.io/master: "" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # "node.tolerations" defines tolerations that would be applied to node daemonset - # Leave as blank to install node driver only on worker nodes - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint - # - key: "node-role.kubernetes.io/master" - # operator: "Exists" - # effect: "NoSchedule" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - initContainers: - - image: docker.io/dellemc/sdc@sha256:84d21e0bf603c1af86d937faa8950faa9d5aa53e9fb37af16cf77e9632004e33 - imagePullPolicy: IfNotPresent - name: sdc - envs: - - name: MDM - value: "10.xx.xx.xx,10.xx.xx.xx" # provide MDM value - modules: - # Authorization: enable csm-authorization for RBAC - - name: authorization - # enable: Enable/Disable csm-authorization - enabled: false - # For PowerFlex Tech-Preview v2.0.0-alpha use v1.11.0 as configVersion. - # Do not change the configVersion to v2.0.0-alpha - configVersion: v1.11.0 - components: - - name: karavi-authorization-proxy - # Use image: dellemc/csm-authorization-sidecar:v2.0.0-alpha for PowerFlex Tech-Preview v2.0.0-alpha - image: registry.connect.redhat.com/dell-emc/csm-authorization-sidecar@sha256:5d3f43f2c1bb0704ddf4b9d8f9218cc2d77cabcd73ec9e7076f4865809d2fc5d - envs: - # proxyHost: hostname of the csm-authorization server - - name: "PROXY_HOST" - value: "csm-authorization.com" - # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" - # observability: allows to configure observability - - name: observability - # enabled: Enable/Disable observability - enabled: false - configVersion: v1.9.0 - components: - - name: topology - # enabled: Enable/Disable topology - enabled: false - # image: Defines karavi-topology image. This shouldn't be changed - # Allowed values: string - image: registry.connect.redhat.com/dell-emc/csm-topology@sha256:25eb850d37bdd78fa62f39c17d8208a4f21539ff7396dc7b672bf6945bba388d - # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # topology log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "TOPOLOGY_LOG_LEVEL" - value: "INFO" - - name: otel-collector - # enabled: Enable/Disable OpenTelemetry Collector - enabled: false - # image: Defines otel-collector image. This shouldn't be changed - # Allowed values: string - image: docker.io/otel/opentelemetry-collector@sha256:cecb0904bcc2a90c823c2c044e7034934ab6c98b5ec52c337c0f6c6e57cd3cf1 - # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - certificate: "" - # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates - # for self-signed certs, leave empty string - # Allowed values: string - privateKey: "" - envs: - # image of nginx proxy image - # Allowed values: string - # Default value: "nginxinc/nginx-unprivileged:1.20" - - name: "NGINX_PROXY_IMAGE" - value: "nginxinc/nginx-unprivileged:1.20" - # enabled: Enable/Disable cert-manager - # Allowed values: - # true: enable deployment of cert-manager - # false: disable deployment of cert-manager only if it's already deployed - # Default value: false - - name: cert-manager - enabled: false - - name: metrics-powerflex - # enabled: Enable/Disable PowerFlex metrics - enabled: false - # image: Defines PowerFlex metrics image. This shouldn't be changed - image: registry.connect.redhat.com/dell-emc/csm-metrics-powerflex@sha256:03d145edb80b8633168af7c7236bde6887cd9f28b6c765fce427f245599feef6 - envs: - # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex - # Allowed values: int - # Default value: 10 - - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" - value: "10" - # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERFLEX_SDC_METRICS_ENABLED" - value: "true" - # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERFLEX_VOLUME_METRICS_ENABLED" - value: "true" - # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics - # Allowed values: ture, false - # Default value: true - - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" - value: "true" - # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data - # Allowed values: int - # Default value: 10 - - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" - value: "10" - # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data - # Allowed values: int - # Default value: 10 - - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" - value: "10" - # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data - # Allowed values: int - # Default value: 10 - - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" - value: "10" - # PowerFlex metrics log level - # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC - # Default value: "INFO" - - name: "POWERFLEX_LOG_LEVEL" - value: "INFO" - # PowerFlex Metrics Output logs in the specified format - # Valid values: TEXT, JSON - # Default value: "TEXT" - - name: "POWERFLEX_LOG_FORMAT" - value: "TEXT" - # Otel collector address - # Allowed values: String - # Default value: "otel-collector:55680" - - name: "COLLECTOR_ADDRESS" - value: "otel-collector:55680" - # Replication: allows to configure replication - # Replication CRDs must be installed before installing driver - - name: replication - # enabled: Enable/Disable replication feature - # Allowed values: - # true: enable replication feature(install dell-csi-replicator sidecar) - # false: disable replication feature(do not install dell-csi-replicator sidecar) - # Default value: false - enabled: false - configVersion: v1.9.0 - components: - - name: dell-csi-replicator - # image: Image to use for dell-csi-replicator. This shouldn't be changed - # Allowed values: string - # Default value: None - image: registry.connect.redhat.com/dell-emc/dell-csi-replicator@sha256:d378bd9538dd73fca6f6837df6f01570f16e4d30aa6704588ecda4e39ce12668 - envs: - # replicationPrefix: prefix to prepend to storage classes parameters - # Allowed values: string - # Default value: replication.storage.dell.com - - name: "X_CSI_REPLICATION_PREFIX" - value: "replication.storage.dell.com" - # replicationContextPrefix: prefix to use for naming of resources created by replication feature - # Allowed values: string - - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" - value: "powerflex" - - name: dell-replication-controller-manager - # image: Defines controller image. This shouldn't be changed - # Allowed values: string - image: registry.connect.redhat.com/dell-emc/dell-replication-controller@sha256:d06408eb29f2da630bf46452f25cec022758d414ea7122618d7f1374e224b443 - envs: - # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID - # Set the value to "self" in case of stretched/single cluster configuration - # Allowed values: string - - name: "TARGET_CLUSTERS_IDS" - value: "target-cluster-1" - # Replication log level - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "debug" - - name: "REPLICATION_CTRL_LOG_LEVEL" - value: "debug" - # replicas: Defines number of controller replicas - # Allowed values: int - # Default value: 1 - - name: "REPLICATION_CTRL_REPLICAS" - value: "1" - # retryIntervalMin: Initial retry interval of failed reconcile request. - # It doubles with each failure, upto retry-interval-max - # Allowed values: time - - name: "RETRY_INTERVAL_MIN" - value: "1s" - # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request - # Allowed values: time - - name: "RETRY_INTERVAL_MAX" - value: "5m" - - name: resiliency - # enabled: Enable/Disable Resiliency feature - # Allowed values: - # true: enable Resiliency feature(deploy podmon sidecar) - # false: disable Resiliency feature(do not deploy podmon sidecar) - # Default value: false - enabled: false - configVersion: v1.10.0 - components: - - name: podmon-controller - image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 - imagePullPolicy: IfNotPresent - args: - - "--labelvalue=csi-vxflexos" - - "--skipArrayConnectionValidation=false" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - - "--arrayConnectivityPollRate=5" - - "--arrayConnectivityConnectionLossThreshold=3" - # Below 3 args should not be modified. - - "--csisock=unix:/var/run/csi/csi.sock" - - "--mode=controller" - - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - - name: podmon-node - image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 - imagePullPolicy: IfNotPresent - envs: - # podmonAPIPort: Defines the port to be used within the kubernetes cluster - # Allowed values: Any valid and free port (string) - # Default value: 8083 - - name: "X_CSI_PODMON_API_PORT" - value: "8083" - args: - - "--labelvalue=csi-vxflexos" - - "--leaderelection=false" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - - "--arrayConnectivityPollRate=5" - # Below 3 args should not be modified. - - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" - - "--mode=node" - - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" \ No newline at end of file diff --git a/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml b/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml deleted file mode 100644 index 26c16776d..000000000 --- a/samples/ocp/1.6.1/storage_csm_powerstore_v2111.yaml +++ /dev/null @@ -1,216 +0,0 @@ -# -# -# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# http://www.apache.org/licenses/LICENSE-2.0 -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -apiVersion: storage.dell.com/v1 -kind: ContainerStorageModule -metadata: - name: powerstore - namespace: powerstore -spec: - driver: - csiDriverType: "powerstore" - csiDriverSpec: - # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field - # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. - # Allowed values: ReadWriteOnceWithFSType, File , None - # Default value: ReadWriteOnceWithFSType - fSGroupPolicy: "ReadWriteOnceWithFSType" - # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array - # Allowed values: - # true: enable storage capacity tracking - # false: disable storage capacity tracking - storageCapacity: true - configVersion: v2.11.1 - # authSecret: This is the secret used to validate the default PowerStore secret used for installation - # Allowed values: -config - # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config - authSecret: powerstore-config - # Controller count - replicas: 2 - dnsPolicy: ClusterFirstWithHostNet - forceUpdate: false - forceRemoveDriver: true - common: - image: "registry.connect.redhat.com/dell-emc/csi-powerstore@sha256:df2c274f6be40a35ee6e1355ee58b8bf4e0e2f9351db45c19f94c1e8282f6533" - imagePullPolicy: IfNotPresent - envs: - - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX - value: "csi-node" - - name: X_CSI_FC_PORTS_FILTER_FILE_PATH - value: "/etc/fc-ports-filter" - # Specify kubelet config dir path. - # Ensure that the config.yaml file is present at this path. - # Default value: /var/lib/kubelet - - name: KUBELET_CONFIG_DIR - value: /var/lib/kubelet - - name: CSI_LOG_LEVEL - value: debug - sideCars: - # 'csivol' represents a string prepended to each volume created by the CSI driver - - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner@sha256:405a14e1aa702f7ea133cea459e8395fe40a6125c088c55569e696d48e1bd385 - args: ["--volume-name-prefix=csivol"] - - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher@sha256:b4d611100ece2f9bc980d1cb19c2285b8868da261e3b1ee8f45448ab5512ab94 - - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:f25af73ee708ff9c82595ae99493cdef9295bd96953366cddf36305f82555dac - - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer@sha256:a541e6cc2d8b011bb21b1d4ffec6b090e85270cce6276ee302d86153eec0af43 - - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:2e04046334baf9be425bb0fa1d04c2d1720d770825eedbdbcdb10d430da4ad8c - - name: csi-metadata-retriever - image: registry.connect.redhat.com/dell-emc/csi-metadata-retriever@sha256:abf97fc03ff59147ef0cd9ec3e58fcd5ef499aa9c13da53a8b99731884cb87d9 - # health monitor is disabled by default, refer to driver documentation before enabling it - - name: external-health-monitor - enabled: false - args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:7ecd3509367bcc2db5d599cdff9f3afb6f13e7b664a10785dec2459c7ee50a9c - # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity - # Configure only when the storageCapacity is set as "true" - # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m - #- name: provisioner - # args: ["--capacity-poll-interval=5m"] - - controller: - envs: - # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory - # This value will be the default value if a storage class and array config in secret - # do not contain the NFS ACL (nfsAcls) parameter specified - # Permissions can be specified in two formats: - # 1) Unix mode (NFSv3) - # 2) NFSv4 ACLs (NFSv4) - # NFSv4 ACLs are supported on NFSv4 share only. - # Allowed values: - # 1) Unix mode: valid octal mode number - # Examples: "0777", "777", "0755" - # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma - # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" - # Optional: true - # Default value: "0777" - # nfsAcls: "0777" - - name: X_CSI_NFS_ACLS - value: "0777" - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. - # Allowed Values: x.x.x.x/xx or x.x.x.x - # Default Value: - - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS - value: - # nodeSelector: Define node selection constraints for controller pods. - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controllers, if required. - # Leave as blank to install controller on worker nodes - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - node: - envs: - # Set to "true" to enable ISCSI CHAP Authentication - # CHAP password will be autogenerated by driver - - name: "X_CSI_POWERSTORE_ENABLE_CHAP" - value: "false" - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - # X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE: Defines the maximum PowerStore volumes that can be created per node - # Allowed values: Any value greater than or equal to 0 - # Default value: "0" - - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE - value: "0" - # nodeSelector: Define node selection constraints for node pods. - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controllers, if required. - # Leave as blank to install controller on worker nodes - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - modules: - - name: resiliency - # enabled: Enable/Disable Resiliency feature - # Allowed values: - # true: enable Resiliency feature(deploy podmon sidecar) - # false: disable Resiliency feature(do not deploy podmon sidecar) - # Default value: false - enabled: false - configVersion: v1.10.0 - components: - - name: podmon-controller - image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 - imagePullPolicy: IfNotPresent - args: - - "--labelvalue=csi-powerstore" - - "--arrayConnectivityPollRate=60" - - "--skipArrayConnectionValidation=false" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - - "--arrayConnectivityConnectionLossThreshold=3" - # Below 4 args should not be modified. - - "--csisock=unix:/var/run/csi/csi.sock" - - "--mode=controller" - - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - - "--driverPath=csi-powerstore.dellemc.com" - - name: podmon-node - image: docker.io/dellemc/podmon@sha256:818d32881238b4f91fef65f5f800bcef180b612bd33c3ca9965571bc7b43cf26 - imagePullPolicy: IfNotPresent - envs: - # podmonAPIPort: Defines the port to be used within the kubernetes cluster - # Allowed values: Any valid and free port (string) - # Default value: 8083 - - name: "X_CSI_PODMON_API_PORT" - value: "8083" - args: - - "--labelvalue=csi-powerstore" - - "--arrayConnectivityPollRate=60" - - "--leaderelection=false" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - # Below 4 args should not be modified. - - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" - - "--mode=node" - - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - - "--driverPath=csi-powerstore.dellemc.com" \ No newline at end of file diff --git a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml b/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml deleted file mode 100644 index 4799b139b..000000000 --- a/samples/ocp/1.6.1/storage_csm_unity_v2111.yaml +++ /dev/null @@ -1,168 +0,0 @@ -apiVersion: storage.dell.com/v1 -kind: ContainerStorageModule -metadata: - name: unity - namespace: unity -spec: - driver: - csiDriverType: "unity" - csiDriverSpec: - # in OCP <= 4.16 and K8s <= 1.29, fsGroupPolicy is an immutable field - # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. - # Allowed values: ReadWriteOnceWithFSType, File , None - # Default value: ReadWriteOnceWithFSType - fSGroupPolicy: "ReadWriteOnceWithFSType" - # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array - # Allowed values: - # true: enable storage capacity tracking - # false: disable storage capacity tracking - storageCapacity: true - configVersion: v2.11.1 - # Controller count - replicas: 2 - dnsPolicy: ClusterFirstWithHostNet - forceUpdate: false - forceRemoveDriver: true - common: - image: "registry.connect.redhat.com/dell-emc/csi-unity@sha256:7f2abaf2c6dd92abc2824f4adc0aac929844452692e9c99cd7cdb99df1f7e129" - imagePullPolicy: IfNotPresent - envs: - # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. - # Allowed values: boolean - # Default value: "false" - # Examples : "true" , "false" - - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - value: "false" - - name: X_CSI_EPHEMERAL_STAGING_PATH - value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" - # X_CSI_ISCSI_CHROOT is the path to which the driver will chroot before - # running any iscsi commands. This value should only be set when instructed - # by technical support - - name: X_CSI_ISCSI_CHROOT - value: "/noderoot" - # X_CSI_UNITY_SYNC_NODEINFO_INTERVAL - Time interval to add node info to array. Default 15 minutes. Minimum value should be 1. - # Allowed values: integer - # Default value: 15 - # Examples : 0 , 2 - - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL - value: "15" - # Specify kubelet config dir path. - # Ensure that the config.yaml file is present at this path. - # Default value: /var/lib/kubelet - - name: KUBELET_CONFIG_DIR - value: /var/lib/kubelet - # CSI_LOG_LEVEL is used to set the logging level of the driver. - # Allowed values: "error", "warn"/"warning", "info", "debug" - # Default value: "info" - - name: CSI_LOG_LEVEL - value: debug - # CSI driver log format - # Allowed values: "TEXT" or "JSON" - # Default value: "TEXT" - - name: CSI_LOG_FORMAT - value: "TEXT" - # TENANT_NAME - Tenant name that need to added while adding host entry to the array. - # Allowed values: string - # Default value: "" - # Examples : "tenant2" , "tenant3" - - name: TENANT_NAME - value: "" - # CERT_SECRET_COUNT: Represents number of certificate secrets, which user is going to create for - # ssl authentication. (unity-cert-0..unity-cert-n) - # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false - # Allowed values: n, where n > 0 - # Default value: None - - name: CERT_SECRET_COUNT - value: "1" - # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. - # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate - # Allowed values: - # true: skip Unisphere API server's certificate verification - # false: verify Unisphere API server's certificates - # Default value: true - - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION - value: "true" - sideCars: - # 'csivol' represents a string prepended to each volume created by the CSI driver - - name: provisioner - image: registry.k8s.io/sig-storage/csi-provisioner@sha256:405a14e1aa702f7ea133cea459e8395fe40a6125c088c55569e696d48e1bd385 - args: ["--volume-name-prefix=csivol"] - - name: attacher - image: registry.k8s.io/sig-storage/csi-attacher@sha256:b4d611100ece2f9bc980d1cb19c2285b8868da261e3b1ee8f45448ab5512ab94 - - name: registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar@sha256:f25af73ee708ff9c82595ae99493cdef9295bd96953366cddf36305f82555dac - - name: resizer - image: registry.k8s.io/sig-storage/csi-resizer@sha256:a541e6cc2d8b011bb21b1d4ffec6b090e85270cce6276ee302d86153eec0af43 - - name: snapshotter - image: registry.k8s.io/sig-storage/csi-snapshotter@sha256:2e04046334baf9be425bb0fa1d04c2d1720d770825eedbdbcdb10d430da4ad8c - - name: csi-metadata-retriever - image: registry.connect.redhat.com/dell-emc/csi-metadata-retriever@sha256:abf97fc03ff59147ef0cd9ec3e58fcd5ef499aa9c13da53a8b99731884cb87d9 - # health monitor is disabled by default, refer to driver documentation before enabling it - - name: external-health-monitor - # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity - # Configure when the storageCapacity is set as "true" - # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m - # - name: provisioner - # args: ["--capacity-poll-interval=5m"] - - enabled: false - args: ["--monitor-interval=60s"] - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller@sha256:7ecd3509367bcc2db5d599cdff9f3afb6f13e7b664a10785dec2459c7ee50a9c - controller: - envs: - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. - # Install the 'external-health-monitor' sidecar accordingly. - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controllers, if required. - # Leave as blank to install controller on worker nodes - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" - node: - envs: - # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage - # Allowed values: - # true: enable checking of health condition of CSI volumes - # false: disable checking of health condition of CSI volumes - # Default value: false - - name: X_CSI_HEALTH_MONITOR_ENABLED - value: "false" - # X_CSI_ALLOWED_NETWORKS: Custom networks for Unity export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks (comma separated) - # Default value: "" - # Provide them in the following format: "net1, net2" - # CIDR format should be used - # eg: "192.168.1.0/24, 192.168.100.0/22" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - # nodeSelector: Define node selection constraints for node pods. - # For the pod to be eligible to run on a node, the node must have each - # of the indicated key-value pairs as labels. - # Leave as blank to consider all nodes - # Allowed values: map of key-value pairs - # Default value: None - nodeSelector: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # node-role.kubernetes.io/control-plane: "" - - # tolerations: Define tolerations for the controllers, if required. - # Leave as blank to install controller on worker nodes - # Default value: None - tolerations: - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint - # - key: "node-role.kubernetes.io/control-plane" - # operator: "Exists" - # effect: "NoSchedule" \ No newline at end of file From d72616d6ac15ae54837472ec36dbdfe1d95055f3 Mon Sep 17 00:00:00 2001 From: Christian Coffield Date: Fri, 27 Sep 2024 09:05:29 -0400 Subject: [PATCH 25/33] Bumped versions per PR comments --- .../manifests/dell-csm-operator.clusterserviceversion.yaml | 6 +++--- config/manager/manager.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 1dc250392..a649f095f 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -4581,7 +4581,7 @@ spec: template: metadata: annotations: - storage.dell.com/CSMVersion: v1.11.0 + storage.dell.com/CSMVersion: v1.11.1 labels: control-plane: controller-manager spec: @@ -4606,7 +4606,7 @@ spec: - /manager env: - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.6.0 + value: docker.io/dellemc/dell-csm-operator:v1.6.1 - name: RELATED_IMAGE_csi-isilon value: docker.io/dellemc/csi-isilon:v2.11.0 - name: RELATED_IMAGE_csi-powermax @@ -4775,5 +4775,5 @@ spec: - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 name: cert-persister skips: - - dell-csm-operator.v1.5.1 + - dell-csm-operator.v1.6.0 version: 1.6.0 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index b18af8bf1..d1390d77a 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -15,7 +15,7 @@ spec: labels: control-plane: controller-manager annotations: - storage.dell.com/CSMVersion: v1.11.0 + storage.dell.com/CSMVersion: v1.11.1 spec: serviceAccountName: manager-service-account securityContext: @@ -29,7 +29,7 @@ spec: imagePullPolicy: Always name: manager env: - - value: docker.io/dellemc/dell-csm-operator:v1.6.0 + - value: docker.io/dellemc/dell-csm-operator:v1.6.1 name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/csi-isilon:v2.11.0 name: RELATED_IMAGE_csi-isilon From d12453175c285d8cfad283513ba86bb91c1cbcdc Mon Sep 17 00:00:00 2001 From: Christian Coffield Date: Fri, 27 Sep 2024 09:09:04 -0400 Subject: [PATCH 26/33] Newlines added --- .../driverconfig/powerstore/v2.11.1/driver-config-params.yaml | 2 +- operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml index c775e7442..19960e910 100644 --- a/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml +++ b/operatorconfig/driverconfig/powerstore/v2.11.1/driver-config-params.yaml @@ -26,4 +26,4 @@ data: PODMON_CONTROLLER_LOG_LEVEL: "debug" PODMON_CONTROLLER_LOG_FORMAT: "JSON" PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file + PODMON_NODE_LOG_FORMAT: "JSON" diff --git a/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml index 1ef295e21..01b17ef22 100644 --- a/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml +++ b/operatorconfig/driverconfig/unity/v2.11.1/csidriver.yaml @@ -9,4 +9,4 @@ spec: volumeLifecycleModes: - Persistent - Ephemeral - fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file + fsGroupPolicy: ReadWriteOnceWithFSType From cacf10952f13e02fbb60455569ec65e92cf55bf8 Mon Sep 17 00:00:00 2001 From: JacobGros Date: Fri, 27 Sep 2024 11:07:16 -0400 Subject: [PATCH 27/33] add 4.16 back to annotations.yaml --- bundle/metadata/annotations.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 4662e6dc9..566787536 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -15,4 +15,4 @@ annotations: operators.operatorframework.io.test.config.v1: tests/scorecard/ # Annotations to specify supported OCP versions. - com.redhat.openshift.versions: "v4.15" + com.redhat.openshift.versions: "v4.15-v4.16" From 5c4dbc4cbd0c7252a72c4705f47f35d1f229a192 Mon Sep 17 00:00:00 2001 From: JacobGros Date: Fri, 27 Sep 2024 12:55:39 -0400 Subject: [PATCH 28/33] update auth images --- .../storage_csm_powermax_reverseproxy_authorization.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml index 6bbf5d2bd..176d687d4 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_reverseproxy_authorization.yaml @@ -245,8 +245,8 @@ spec: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.1" - image: dellemc/csipowermax-reverseproxy:nightly + # Example: "csipowermax-reverseproxy:v2.10.0" + image: dellemc/csipowermax-reverseproxy:v2.10.0 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -270,11 +270,11 @@ spec: configVersion: v1.11.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly + image: dellemc/csm-authorization-sidecar:v1.11.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server - name: "SKIP_CERTIFICATE_VALIDATION" - value: "true" \ No newline at end of file + value: "true" From 20b796c32e12b1bad3c5bcde054d03b6bdc4b4fa Mon Sep 17 00:00:00 2001 From: Christian Coffield Date: Fri, 27 Sep 2024 16:34:12 -0400 Subject: [PATCH 29/33] Some auth test fixes - pflex --- tests/e2e/go.sum | 1 + .../csm_authorization_proxy_server_n_minus_2.yaml | 10 +++++----- .../storage_csm_powerflex_auth_n_minus_1.yaml | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum index e3359b611..edbd49b38 100644 --- a/tests/e2e/go.sum +++ b/tests/e2e/go.sum @@ -136,6 +136,7 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml index e42666b4e..3e39ec937 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -32,10 +32,10 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.9.0 - tenantService: dellemc/csm-authorization-tenant:v1.9.0 - roleService: dellemc/csm-authorization-role:v1.9.0 - storageService: dellemc/csm-authorization-storage:v1.9.0 + proxyService: dellemc/csm-authorization-proxy:v1.9.1 + tenantService: dellemc/csm-authorization-tenant:v1.9.1 + roleService: dellemc/csm-authorization-role:v1.9.1 + storageService: dellemc/csm-authorization-storage:v1.9.1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml index 6dbe6a072..0fb3bff64 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml @@ -137,10 +137,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.11.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.11.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" From 7b5e619888da728a0b90262f52c04130cc4b5d9f Mon Sep 17 00:00:00 2001 From: JacobGros Date: Mon, 30 Sep 2024 14:12:11 -0400 Subject: [PATCH 30/33] add checks for pre-existing roles and storage --- tests/e2e/steps/steps_def.go | 115 ++++++++++++++++++++++++++++------- 1 file changed, 92 insertions(+), 23 deletions(-) diff --git a/tests/e2e/steps/steps_def.go b/tests/e2e/steps/steps_def.go index bda25653a..0daf45abe 100644 --- a/tests/e2e/steps/steps_def.go +++ b/tests/e2e/steps/steps_def.go @@ -24,6 +24,8 @@ import ( csmv1 "github.com/dell/csm-operator/api/v1" + "encoding/json" + "github.com/dell/csm-operator/pkg/constants" "github.com/dell/csm-operator/pkg/modules" "github.com/dell/csm-operator/pkg/utils" @@ -1347,23 +1349,58 @@ func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost, return fmt.Errorf("failed to write admin token: %v\nErrMessage:\n%s", err, string(b)) } - // Create storage - fmt.Println("\n=== Creating Storage ===\n ") + // Check for storage + fmt.Println("\n=== Checking Storage ===\n ") cmd := exec.Command("karavictl", "--admin-token", "/tmp/adminToken.yaml", - "storage", "create", - "--type", storageType, - "--endpoint", fmt.Sprintf("https://%s", endpoint), - "--system-id", sysID, - "--user", user, - "--password", password, - "--array-insecure", + "storage", "list", "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), ) - fmt.Println("=== Storage === \n", cmd.String()) + + //by default, assume we will create storage + skipStorage := false + + fmt.Println("=== Checking Storage === \n", cmd.String()) b, err = cmd.CombinedOutput() if err != nil { - return fmt.Errorf("failed to create storage %s: %v\nErrMessage:\n%s", storageType, err, string(b)) + return fmt.Errorf("failed to check storage %s: %v\nErrMessage:\n%s", storageType, err, string(b)) + } + + storage := make(map[string]json.RawMessage) + + err = json.Unmarshal(b, &storage) + if err != nil { + return fmt.Errorf("failed to marshall response:%s \nErrMessage:\n%s", string(b), err) + } + + for k, v := range storage { + if k == storageType { + fmt.Printf("Storage %s is already registered. \n It has the following config: %s \n", k, v) + skipStorage = true + } + } + + if !skipStorage { + + // Create storage + fmt.Println("\n=== Creating Storage ===\n ") + cmd = exec.Command("karavictl", + "--admin-token", "/tmp/adminToken.yaml", + "storage", "create", + "--type", storageType, + "--endpoint", fmt.Sprintf("https://%s", endpoint), + "--system-id", sysID, + "--user", user, + "--password", password, + "--array-insecure", + "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), + ) + fmt.Println("=== Storage === \n", cmd.String()) + b, err = cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("failed to create storage %s: %v\nErrMessage:\n%s", storageType, err, string(b)) + } + } // Create Tenant @@ -1380,28 +1417,60 @@ func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost, return fmt.Errorf("failed to create tenant %s: %v\nErrMessage:\n%s", tenantName, err, string(b)) } - // Create Role - fmt.Println("\n\n=== Creating Role ===\n ") - if storageType == "powerscale" { - quotaLimit = "0" - } + //By default, assume a role will be created + skipRole := false cmd = exec.Command("karavictl", "--admin-token", "/tmp/adminToken.yaml", - "role", "create", - fmt.Sprintf("--role=%s=%s=%s=%s=%s", - roleName, storageType, sysID, pool, quotaLimit), + "role", "list", "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), ) - fmt.Println("=== Role === \n", cmd.String()) + fmt.Println("=== Checking Roles === \n", cmd.String()) + b, err = cmd.CombinedOutput() if err != nil { - return fmt.Errorf("failed to create role %s: %v\nErrMessage:\n%s", roleName, err, string(b)) + return fmt.Errorf("failed to check roles: %v\nErrMessage:\n%s", err, string(b)) + } + + roles := make(map[string]json.RawMessage) + + err = json.Unmarshal(b, &roles) + if err != nil { + return fmt.Errorf("failed to marshall response:%s \nErrMessage:\n%s", string(b), err) } - // role creation take few seconds - time.Sleep(5 * time.Second) + for k, v := range roles { + if k == roleName { + fmt.Printf("Role %s is already created. \n It has the following config: %s \n", k, v) + skipRole = true + } + } + if !skipRole { + + // Create Role + fmt.Println("\n\n=== Creating Role ===\n ") + if storageType == "powerscale" { + quotaLimit = "0" + } + cmd = exec.Command("karavictl", + "--admin-token", "/tmp/adminToken.yaml", + "role", "create", + fmt.Sprintf("--role=%s=%s=%s=%s=%s", + roleName, storageType, sysID, pool, quotaLimit), + "--insecure", "--addr", fmt.Sprintf("%s:%s", proxyHost, port), + ) + + fmt.Println("=== Role === \n", cmd.String()) + b, err = cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("failed to create role %s: %v\nErrMessage:\n%s", roleName, err, string(b)) + } + + // role creation take few seconds + time.Sleep(5 * time.Second) + + } // Bind role fmt.Println("\n\n=== Creating RoleBinding ===\n ") cmd = exec.Command("karavictl", From e9f39a1be614afa27599b5095416bf9b90a48504 Mon Sep 17 00:00:00 2001 From: Christian Coffield Date: Mon, 30 Sep 2024 15:20:53 -0400 Subject: [PATCH 31/33] PR comment adjudication. --- .../manifests/dell-csm-operator.clusterserviceversion.yaml | 2 +- bundle/metadata/annotations.yaml | 2 +- tests/e2e/testfiles/storage_csm_powerflex_replica.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index a649f095f..b4e1e58a7 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -4775,5 +4775,5 @@ spec: - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 name: cert-persister skips: - - dell-csm-operator.v1.6.0 + - dell-csm-operator.v1.6.1 version: 1.6.0 diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 566787536..c48f36d48 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -15,4 +15,4 @@ annotations: operators.operatorframework.io.test.config.v1: tests/scorecard/ # Annotations to specify supported OCP versions. - com.redhat.openshift.versions: "v4.15-v4.16" + com.redhat.openshift.versions: v4.15-v4.16 diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml index b72bc7d2b..0a995d9c2 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml @@ -22,7 +22,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:nightly" + image: "dellemc/csi-vxflexos:v2.11.0" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -178,7 +178,7 @@ spec: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:nightly + image: dellemc/dell-csi-replicator:v1.9.0 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -192,7 +192,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:nightly + image: dellemc/dell-replication-controller:v1.9.0 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration From def48f4d12361c7c1fb1b30b542b9af8a011497d Mon Sep 17 00:00:00 2001 From: Christian Coffield Date: Tue, 1 Oct 2024 11:07:30 -0400 Subject: [PATCH 32/33] Testing cleanup for authorization --- tests/e2e/steps/steps_def.go | 8 +- ...aml => csm-authorization-v2-template.yaml} | 0 ...=> csm_authorization_v1_proxy_server.yaml} | 0 ...authorization_v1_proxy_server_alt_ns.yaml} | 0 ...horization_v1_proxy_server_n_minus_1.yaml} | 12 +- ...uthorization_v1_proxy_server_no_cert.yaml} | 12 +- ...=> csm_authorization_v2_proxy_server.yaml} | 0 ...zation_v2_proxy_server_default_redis.yaml} | 0 tests/e2e/testfiles/pflex-pscale-values.yaml | 211 ------------------ tests/e2e/testfiles/scenarios.yaml | 43 ++-- .../testfiles/storage_csm_powerflex_auth.yaml | 4 +- .../storage_csm_powerflex_auth_n_minus_1.yaml | 8 +- 12 files changed, 44 insertions(+), 254 deletions(-) rename tests/e2e/testfiles/authorization-templates/{csm-authorization-template.yaml => csm-authorization-v2-template.yaml} (100%) rename tests/e2e/testfiles/authorization-templates/{csm_authorization_proxy_server_no_cert.yaml => csm_authorization_v1_proxy_server.yaml} (100%) rename tests/e2e/testfiles/authorization-templates/{csm_authorization_proxy_server_alt_ns.yaml => csm_authorization_v1_proxy_server_alt_ns.yaml} (100%) rename tests/e2e/testfiles/authorization-templates/{csm_authorization_proxy_server_n_minus_1.yaml => csm_authorization_v1_proxy_server_n_minus_1.yaml} (94%) rename tests/e2e/testfiles/authorization-templates/{csm_authorization_proxy_server_n_minus_2.yaml => csm_authorization_v1_proxy_server_no_cert.yaml} (90%) rename tests/e2e/testfiles/authorization-templates/{csm_authorization_proxy_server.yaml => csm_authorization_v2_proxy_server.yaml} (100%) rename tests/e2e/testfiles/authorization-templates/{csm_authorization_proxy_server_default_redis.yaml => csm_authorization_v2_proxy_server_default_redis.yaml} (100%) delete mode 100644 tests/e2e/testfiles/pflex-pscale-values.yaml diff --git a/tests/e2e/steps/steps_def.go b/tests/e2e/steps/steps_def.go index 0daf45abe..c78b99d51 100644 --- a/tests/e2e/steps/steps_def.go +++ b/tests/e2e/steps/steps_def.go @@ -52,7 +52,7 @@ const ( var ( authString = "karavi-authorization-proxy" operatorNamespace = "dell-csm-operator" - quotaLimit = "30000000" + quotaLimit = "100000000" pflexSecretMap = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_PASS": "PFLEX_PASS", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_ENDPOINT", "REPLACE_MDM": "PFLEX_MDM", "REPLACE_POOL": "PFLEX_POOL"} pflexAuthSecretMap = map[string]string{"REPLACE_USER": "PFLEX_USER", "REPLACE_SYSTEMID": "PFLEX_SYSTEMID", "REPLACE_ENDPOINT": "PFLEX_AUTH_ENDPOINT", "REPLACE_MDM": "PFLEX_MDM"} pscaleSecretMap = map[string]string{"REPLACE_CLUSTERNAME": "PSCALE_CLUSTER", "REPLACE_USER": "PSCALE_USER", "REPLACE_PASS": "PSCALE_PASS", "REPLACE_ENDPOINT": "PSCALE_ENDPOINT", "REPLACE_PORT": "PSCALE_PORT"} @@ -1262,8 +1262,8 @@ func (step *Step) configureAuthorizationProxyServer(res Resource, driver string, // AuthorizationV1Resources creates resources using karavictl for V1 versions of Authorization Proxy Server func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost, driverNamespace string) error { - fmt.Println("=====Waiting for everything to be up and running, adding a sleep time of 60 seconds before creating the role, tenant and role binding===") - time.Sleep(60 * time.Second) + fmt.Println("=====Waiting for everything to be up and running, adding a sleep time of 120 seconds before creating the role, tenant and role binding===") + time.Sleep(120 * time.Second) var ( endpoint = "" sysID = "" @@ -1526,7 +1526,7 @@ func (step *Step) AuthorizationV1Resources(storageType, driver, port, proxyHost, func (step *Step) AuthorizationV2Resources(storageType, driver, driverNamespace, proxyHost, port, csmTenantName string) error { var ( crMap = "" - templateFile = "testfiles/authorization-templates/csm-authorization-template.yaml" + templateFile = "testfiles/authorization-templates/csm-authorization-v2-template.yaml" updatedTemplateFile = "" ) diff --git a/tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml b/tests/e2e/testfiles/authorization-templates/csm-authorization-v2-template.yaml similarity index 100% rename from tests/e2e/testfiles/authorization-templates/csm-authorization-template.yaml rename to tests/e2e/testfiles/authorization-templates/csm-authorization-v2-template.yaml diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server.yaml similarity index 100% rename from tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml rename to tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server.yaml diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_alt_ns.yaml similarity index 100% rename from tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml rename to tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_alt_ns.yaml diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_n_minus_1.yaml similarity index 94% rename from tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml rename to tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_n_minus_1.yaml index aaf92390d..fd65dab6d 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_n_minus_1.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -32,10 +32,10 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.10.0 - tenantService: dellemc/csm-authorization-tenant:v1.10.0 - roleService: dellemc/csm-authorization-role:v1.10.0 - storageService: dellemc/csm-authorization-storage:v1.10.0 + proxyService: dellemc/csm-authorization-proxy:v1.10.1 + tenantService: dellemc/csm-authorization-tenant:v1.10.1 + roleService: dellemc/csm-authorization-role:v1.10.1 + storageService: dellemc/csm-authorization-storage:v1.10.1 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 @@ -73,7 +73,7 @@ spec: # to use a different storage class for redis, specify the name of the storage class # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization # Default value: None - storageclass: "" + storageclass: "local-storage" --- apiVersion: v1 diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml similarity index 90% rename from tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml rename to tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml index 3e39ec937..65e27fa9c 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.1 + configVersion: v1.11.0 forceRemoveModule: true components: # For Kubernetes Container Platform only @@ -32,10 +32,10 @@ spec: - name: proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.9.1 - tenantService: dellemc/csm-authorization-tenant:v1.9.1 - roleService: dellemc/csm-authorization-role:v1.9.1 - storageService: dellemc/csm-authorization-storage:v1.9.1 + proxyService: dellemc/csm-authorization-proxy:v1.11.0 + tenantService: dellemc/csm-authorization-tenant:v1.11.0 + roleService: dellemc/csm-authorization-role:v1.11.0 + storageService: dellemc/csm-authorization-storage:v1.11.0 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 @@ -73,7 +73,7 @@ spec: # to use a different storage class for redis, specify the name of the storage class # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization # Default value: None - storageclass: "local-storage" + storageclass: "" --- apiVersion: v1 diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_v2_proxy_server.yaml similarity index 100% rename from tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server.yaml rename to tests/e2e/testfiles/authorization-templates/csm_authorization_v2_proxy_server.yaml diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_v2_proxy_server_default_redis.yaml similarity index 100% rename from tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml rename to tests/e2e/testfiles/authorization-templates/csm_authorization_v2_proxy_server_default_redis.yaml diff --git a/tests/e2e/testfiles/pflex-pscale-values.yaml b/tests/e2e/testfiles/pflex-pscale-values.yaml deleted file mode 100644 index e1f0f8155..000000000 --- a/tests/e2e/testfiles/pflex-pscale-values.yaml +++ /dev/null @@ -1,211 +0,0 @@ -- scenario: "Install PowerScale Driver(Standalone)" - paths: - - "testfiles/storage_csm_powerscale.yaml" - modules: - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Create storageclass with name [op-e2e-isilon] and template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" - - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - - "Apply custom resource [1]" - - "Validate custom resource [1]" - - "Validate [powerscale] driver from CR [1] is installed" - - "Run custom test" - # Last three steps perform Clean Up - - "Enable forceRemoveDriver on CR [1]" - - "Delete custom resource [1]" - - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - - "Restore template [testfiles/powerscale-templates/powerscale-storageclass-template.yaml] for [pscale]" - customTest: - name: Cert CSI - run: - - ./cert-csi test vio --sc op-e2e-isilon --chainNumber 2 --chainLength 2 - -- scenario: "Uninstall PowerScale Driver" - paths: - - "testfiles/storage_csm_powerscale.yaml" - modules: - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - - "Apply custom resource [1]" - - "Validate custom resource [1]" - - "Validate [powerscale] driver from CR [1] is installed" - - "Enable forceRemoveDriver on CR [1]" - - "Delete custom resource [1]" - - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - - "Validate [powerscale] driver from CR [1] is not installed" - -- scenario: "Install PowerFlex Driver(Standalone)" - paths: - - "testfiles/storage_csm_powerflex.yaml" - modules: - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Apply custom resource [1]" - - "Validate custom resource [1]" - - "Validate [powerflex] driver from CR [1] is installed" - - "Run custom test" - # Last two steps perform Clean Up - - "Enable forceRemoveDriver on CR [1]" - - "Delete custom resource [1]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - customTest: - name: Cert CSI - run: - - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - -- scenario: "Uninstall PowerFlex Driver" - paths: - - "testfiles/storage_csm_powerflex.yaml" - modules: - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Apply custom resource [1]" - - "Validate custom resource [1]" - - "Validate [powerflex] driver from CR [1] is installed" - - "Enable forceRemoveDriver on CR [1]" - - "Delete custom resource [1]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - - "Validate [powerflex] driver from CR [1] is not installed" - -- scenario: "Install PowerFlex Driver (With Authorization)" - paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" - - "testfiles/storage_csm_powerflex_auth.yaml" - modules: - - "authorization" - - "authorizationproxyserver" - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Create [authorization-proxy-server] prerequisites from CR [1]" - - "Apply custom resource [1]" - - "Validate [authorization-proxy-server] module from CR [1] is installed" - - "Configure authorization-proxy-server for [powerflex] for CR [1]" - - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - - "Set up secret with template [testfiles/powerflex-templates/csm-authorization-config.json] name [karavi-authorization-config] in namespace [test-vxflexos] for [pflexAuthSidecar]" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflexAuth]" - - "Apply custom resource [2]" - - "Validate custom resource [2]" - - "Validate [powerflex] driver from CR [2] is installed" - - "Run custom test" - # Last steps perform Clean Up - - "Enable forceRemoveDriver on CR [2]" - - "Delete custom resource [1]" - - "Delete custom resource [2]" - - "Restore template [testfiles/powerflex-templates/csm-authorization-config.json] for [pflexAuthSidecar]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]" - - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - customTest: - name: Cert CSI - run: - - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - -- scenario: "Install PowerFlex Driver(Standalone), Enable Authorization" - paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" - - "testfiles/storage_csm_powerflex.yaml" - modules: - - "authorizationproxyserver" - - "authorization" - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Create [authorization-proxy-server] prerequisites from CR [1]" - - "Apply custom resource [1]" - - "Validate [authorization-proxy-server] module from CR [1] is installed" - - "Configure authorization-proxy-server for [powerflex] for CR [1]" - - "Set up secret with template [testfiles/powerflex-templates/csm-authorization-config.json] name [karavi-authorization-config] in namespace [test-vxflexos] for [pflexAuthSidecar]" - - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - - "Apply custom resource [2]" - - "Validate custom resource [2]" - - "Validate [powersflex] driver from CR [2] is installed" - - "Validate [authorization] module from CR [2] is not installed" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflexAuth]" - - "Enable [authorization] module from CR [2]" - - "Validate [powerflex] driver from CR [2] is installed" - - "Validate [authorization] module from CR [2] is installed" - - "Run custom test" - # Last steps perform Clean Up - - "Enable forceRemoveDriver on CR [2]" - - "Delete custom resource [1]" - - "Delete custom resource [2]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]" - - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - - "Restore template [testfiles/powerflex-templates/csm-authorization-config.json] for [pflexAuthSidecar]" - customTest: - name: Cert CSI - run: - - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - -- scenario: Install PowerFlex Driver(With Authorization), Disable Authorization module" - paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" - - "testfiles/storage_csm_powerflex_auth.yaml" - modules: - - "authorization" - - "authorizationproxyserver" - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Create [authorization-proxy-server] prerequisites from CR [1]" - - "Apply custom resource [1]" - - "Validate [authorization-proxy-server] module from CR [1] is installed" - - "Configure authorization-proxy-server for [powerflex] for CR [1]" - - "Set up secret with template [testfiles/powerflex-templates/csm-authorization-config.json] name [karavi-authorization-config] in namespace [test-vxflexos] for [pflexAuthSidecar]" - - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflexAuth]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflexAuth]" - - "Apply custom resource [2]" - - "Validate custom resource [2]" - - "Validate [powerflex] driver from CR [2] is installed" - - "Validate [authorization] module from CR [2] is installed" - - "Run custom test" - - "Disable [authorization] module from CR [2]" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Validate [powerflex] driver from CR [2] is installed" - - "Validate [authorization] module from CR [2] is not installed" - - "Run custom test" - # Last steps perform Clean Up - - "Enable forceRemoveDriver on CR [2]" - - "Delete custom resource [1]" - - "Delete custom resource [2]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - - "Restore template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - - "Restore template [testfiles/powerflex-templates/csm-authorization-config.json] for [pflexAuthSidecar]" - customTest: - name: Cert CSI - run: - - ./cert-csi test vio --sc op-e2e-vxflexos --chainNumber 2 --chainLength 2 - -- scenario: "Install PowerScale Driver and PowerFlex Driver, uninstall PowerFlex Driver" - paths: - - "testfiles/storage_csm_powerscale.yaml" - - "testfiles/storage_csm_powerflex.yaml" - modules: - steps: - - "Given an environment with k8s or openshift, and CSM operator installed" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Set up secret with template [testfiles/powerscale-templates/powerscale-secret-template.yaml] name [isilon-creds] in namespace [isilon] for [pscale]" - - "Apply custom resource [1]" - - "Apply custom resource [2]" - - "Validate custom resource [1]" - - "Validate custom resource [2]" - - "Validate [powerscale] driver from CR [1] is installed" - - "Validate [powerflex] driver from CR [2] is installed" - - "Enable forceRemoveDriver on CR [2]" - - "Delete custom resource [2]" - - "Validate [powerscale] driver from CR [1] is installed" - - "Validate [powerflex] driver from CR [2] is not installed" - # Last four steps perform Clean Up - - "Enable forceRemoveDriver on CR [1]" - - "Delete custom resource [1]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - - "Restore template [testfiles/powerscale-templates/powerscale-secret-template.yaml] for [pscale]" - - - - diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index 3484b8419..1dd96b3d5 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -2,7 +2,7 @@ - scenario: "Install Authorization Proxy Server V1" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server.yaml" tags: - "authorizationproxyserver" steps: @@ -13,11 +13,11 @@ - "Configure authorization-proxy-server for [powerscale] for CR [1]" - "Delete custom resource [1]" -# Upgrade from V1 to V2 is not supported +# Upgrade from V1 to V2 is not supported. This test is to install a previous version of Auth V1 and upgrade to the next. - scenario: "Install Authorization Proxy Server V1 and upgrade" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_n_minus_1.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server.yaml" tags: - "authorizationproxyserver" steps: @@ -35,7 +35,7 @@ # Authorization V2 scenarios only supports powerflex driver - scenario: "Install Authorization Proxy Server V2" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_v2_proxy_server.yaml" - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" @@ -65,7 +65,7 @@ - scenario: "Install Authorization Proxy Server V2 With Default Redis Storage Class" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml" + - "testfiles/authorization-templates/csm_authorization_v2_proxy_server_default_redis.yaml" - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: - "authorizationproxyserver" @@ -82,7 +82,7 @@ - scenario: "Install Authorization Proxy Server V1 with alternate namespace" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_alt_ns.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_alt_ns.yaml" tags: - "authorizationproxyserver" steps: @@ -96,11 +96,12 @@ - scenario: "Install Authorization Proxy Server & PowerFlex Driver (With Authorization V1), Upgrade both Authorization Proxy Server and PowerFlex Driver" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_2.yaml" # v1.9.1 - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" # v1.10.0 + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_n_minus_1.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server.yaml" - "testfiles/storage_csm_powerflex_auth_n_minus_1.yaml" - "testfiles/storage_csm_powerflex_auth.yaml" tags: + - "powerflex" - "authorization" - "authorizationproxyserver" # - "sanity" @@ -263,7 +264,7 @@ - scenario: "Install PowerScale Driver(With Authorization V1)" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale_auth.yaml" tags: - "authorizationproxyserver" @@ -367,7 +368,7 @@ - scenario: "Install PowerScale Driver, Enable/Disable Authorization V1 module" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale.yaml" tags: - "authorizationproxyserver" @@ -475,7 +476,7 @@ - scenario: "Install PowerScale Driver(With Authorization V1 and Observability)" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale_observability_auth.yaml" tags: - "authorizationproxyserver" @@ -513,7 +514,7 @@ - scenario: "Install PowerScale Driver(Standalone), Enable Authorization V1, Enable Observability" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale.yaml" tags: - "authorizationproxyserver" @@ -556,7 +557,7 @@ - scenario: "Install PowerScale Driver(With Authorization V1 and Observability), Disable Observability module, Disable Authorization module" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerscale_observability_auth.yaml" tags: - "authorizationproxyserver" @@ -766,7 +767,7 @@ - scenario: "Install PowerFlex Driver (With Authorization V2)" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_v2_proxy_server.yaml" - "testfiles/storage_csm_powerflex_auth.yaml" - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: @@ -806,7 +807,7 @@ - scenario: "Install PowerFlex Driver (With Authorization V2), Upgrade driver and authorization sidecar" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_v2_proxy_server.yaml" - "testfiles/storage_csm_powerflex_auth_n_minus_1.yaml" - "testfiles/storage_csm_powerflex_auth.yaml" - "testfiles/authorization-templates/csm_authorization_crds.yaml" @@ -1017,7 +1018,7 @@ - scenario: "Install PowerFlex Driver(Standalone), Enable Authorization V1, Enable Observability" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerflex.yaml" tags: - "authorizationproxyserver" @@ -1059,7 +1060,7 @@ - scenario: "Install PowerFlex Driver(With Authorization V1 and Observability)" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server_no_cert.yaml" - "testfiles/storage_csm_powerflex_observability_auth.yaml" tags: - "authorizationproxyserver" @@ -1096,7 +1097,7 @@ - scenario: Install PowerFlex Driver(With Authorization V2 and Observability), Disable Observability module, Disable Authorization module" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server.yaml" + - "testfiles/authorization-templates/csm_authorization_v2_proxy_server.yaml" - "testfiles/storage_csm_powerflex_observability_auth.yaml" - "testfiles/authorization-templates/csm_authorization_crds.yaml" tags: @@ -1613,9 +1614,9 @@ - "Restore template [testfiles/powermax-templates/powermax-storageclass-template.yaml] for [pmax]" - "Restore template [testfiles/powermax-templates/powermax-secret-template.yaml] for [pmaxCreds]" -- scenario: "Install PowerMax Driver (With Auth module)" +- scenario: "Install PowerMax Driver (With Auth V1 module)" paths: - - "testfiles/authorization-templates/csm_authorization_proxy_server_n_minus_1.yaml" + - "testfiles/authorization-templates/csm_authorization_v1_proxy_server.yaml" - "testfiles/storage_csm_powermax_reverseproxy_authorization.yaml" tags: - "authorizationproxyserver" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index 50f753747..d91df63e3 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -17,7 +17,7 @@ spec: forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:nightly" + image: "dellemc/csi-vxflexos:v2.11.0" imagePullPolicy: Always envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -132,7 +132,7 @@ spec: configVersion: v1.11.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:nightly + image: dellemc/csm-authorization-sidecar:v1.11.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml index 0fb3bff64..2a254d1d9 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth_n_minus_1.yaml @@ -11,13 +11,13 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.2 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.9.2" + image: "dellemc/csi-vxflexos:v2.10.1" imagePullPolicy: Always envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -137,10 +137,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.1 + configVersion: v1.10.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.1 + image: dellemc/csm-authorization-sidecar:v1.10.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" From bc9c0ac616a28d0f78f0a64aa58c3cc2aa6fd6ac Mon Sep 17 00:00:00 2001 From: Christian Coffield Date: Tue, 1 Oct 2024 13:38:13 -0400 Subject: [PATCH 33/33] Removed unnecessary secret creation from e2e test --- tests/e2e/testfiles/scenarios.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/e2e/testfiles/scenarios.yaml b/tests/e2e/testfiles/scenarios.yaml index 1dd96b3d5..751018b3c 100644 --- a/tests/e2e/testfiles/scenarios.yaml +++ b/tests/e2e/testfiles/scenarios.yaml @@ -113,8 +113,6 @@ - "Configure authorization-proxy-server for [powerflex] for CR [1]" - "Create storageclass with name [op-e2e-vxflexos] and template [testfiles/powerflex-templates/powerflex-storageclass-template.yaml] for [pflex]" - "Set up secret with template [testfiles/powerflex-templates/csm-authorization-config.json] name [karavi-authorization-config] in namespace [test-vxflexos] for [pflexAuthSidecar]" - - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflex]" - - "Restore template [testfiles/powerflex-templates/powerflex-secret-template.yaml] for [pflex]" - "Set up secret with template [testfiles/powerflex-templates/powerflex-secret-template.yaml] name [test-vxflexos-config] in namespace [test-vxflexos] for [pflexAuth]" - "Apply custom resource [3]" - "Validate custom resource [3]"