more cleanup

api/v1alpha1/humiobootstraptoken_types.go

@@ -30,46 +30,61 @@ const (
 
 // HumioBootstrapTokenSpec defines the bootstrap token that Humio will use to bootstrap authentication
 type HumioBootstrapTokenSpec struct {
-	// TODO: determine if we even want to reference the cluster here
-	// ManagedClusterName
+	// ManagedClusterName refers to the name of the HumioCluster which will use this bootstrap token
 	ManagedClusterName string `json:"managedClusterName,omitempty"`
-	// ExternalClusterName refers to an object of type HumioExternalCluster where the Humio resources should be created.
+	// ExternalClusterName refers to the name of the HumioExternalCluster which will use this bootstrap token for authentication
 	// This conflicts with ManagedClusterName.
 	ExternalClusterName string `json:"externalClusterName,omitempty"`
-
-	Image             string                     `json:"image,omitempty"`
-	TokenSecret       HumioTokenSecretSpec       `json:"tokenSecret,omitempty"`
+	// Image can be set to override the image used to run when generating a bootstrap token. This will default to the image
+	// that is used by either the HumioCluster resource or the first NodePool resource if ManagedClusterName is set on the HumioBootstrapTokenSpec
+	Image string `json:"bootstrapImage,omitempty"`
+	// ImagePullSecrets defines the imagepullsecrets for the bootstrap image onetime pod. These secrets are not created by the operator. This will default to the imagePullSecrets
+	// that are used by either the HumioCluster resource or the first NodePool resource if ManagedClusterName is set on the HumioBootstrapTokenSpec
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+	// Resources is the kubernetes resource limits for the bootstrap onetime pod
+	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+	// TokenSecret is the secret reference that contains the token to use for this HumioBootstrapToken. This is used if one wants to use an existing
+	// token for the BootstrapToken rather than letting the operator create one by running a bootstrap token onetime pod
+	TokenSecret HumioTokenSecretSpec `json:"tokenSecret,omitempty"`
+	// HashedTokenSecret is the secret reference that contains the hashed token to use for this HumioBootstrapToken. This is used if one wants to use an existing
+	// hashed token for the BootstrapToken rather than letting the operator create one by running a bootstrap token onetime pod
 	HashedTokenSecret HumioHashedTokenSecretSpec `json:"hashedTokenSecret,omitempty"`
 }
 
 type HumioTokenSecretSpec struct {
-	// TODO: we could clean this up by removing the "AutoCreate" and in docs explain if you want to use your own secret
-	// then create the secret before the bootstraptoken resource
-	AutoCreate   *bool                     `json:"autoCreate,omitempty"`
+	// SecretKeyRef is the secret key reference to a kubernetes secret containing the bootstrap token secret
 	SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
 }
 
 type HumioHashedTokenSecretSpec struct {
-	// TODO: maybe remove AutoCreate
-	AutoCreate   *bool                     `json:"autoCreate,omitempty"`
+	// SecretKeyRef is the secret key reference to a kubernetes secret containing the bootstrap hashed token secret
 	SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
 }
 
 type HumioBootstrapTokenStatus struct {
-	// TODO set the status. This is used by the HumioCluster resource to get the secret reference and load the secret. We don't want to rely on the spec
-	// here as the spec could be empty. Or do we want to
-	//Created                 bool                         `json:"created,omitempty"`
 	// State can be "NotReady" or "Ready"
-	State                   string                       `json:"state,omitempty"`
-	TokenSecretKeyRef       HumioTokenSecretStatus       `json:"tokenSecretStatus,omitempty"`
+	State string `json:"state,omitempty"`
+	// TokenSecretKeyRef contains the secret key reference to a kubernetes secret containing the bootstrap token secret. This is set regardless of whether it's defined
+	// in the spec or automatically created
+	TokenSecretKeyRef HumioTokenSecretStatus `json:"tokenSecretStatus,omitempty"`
+	// HashedTokenSecret is the secret reference that contains the hashed token to use for this HumioBootstrapToken. This is set regardless of whether it's defined
+	// in the spec or automatically created
 	HashedTokenSecretKeyRef HumioHashedTokenSecretStatus `json:"hashedTokenSecretStatus,omitempty"`
 }
 
+// HumioTokenSecretStatus contains the secret key reference to a kubernetes secret containing the bootstrap token secret. This is set regardless of whether it's defined
+// in the spec or automatically created
 type HumioTokenSecretStatus struct {
+	// SecretKeyRef contains the secret key reference to a kubernetes secret containing the bootstrap token secret. This is set regardless of whether it's defined
+	// in the spec or automatically created
 	SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
 }
 
+// HumioTokenSecretStatus contains the secret key reference to a kubernetes secret containing the bootstrap token secret. This is set regardless of whether it's defined
+// in the spec or automatically created
 type HumioHashedTokenSecretStatus struct {
+	// SecretKeyRef is the secret reference that contains the hashed token to use for this HumioBootstrapToken. This is set regardless of whether it's defined
+	// in the spec or automatically created
 	SecretKeyRef *corev1.SecretKeySelector `json:"secretKeyRef,omitempty"`
 }
 

charts/humio-operator/crds/core.humio.com_humiobootstraptokens.yaml

@@ -49,18 +49,27 @@ spec:
             description: HumioBootstrapTokenSpec defines the bootstrap token that
               Humio will use to bootstrap authentication
             properties:
+              bootstrapImage:
+                description: Image can be set to override the image used to run when
+                  generating a bootstrap token. This will default to the image that
+                  is used by either the HumioCluster resource or the first NodePool
+                  resource if ManagedClusterName is set on the HumioBootstrapTokenSpec
+                type: string
               externalClusterName:
-                description: ExternalClusterName refers to an object of type HumioExternalCluster
-                  where the Humio resources should be created. This conflicts with
-                  ManagedClusterName.
+                description: ExternalClusterName refers to the name of the HumioExternalCluster
+                  which will use this bootstrap token for authentication This conflicts
+                  with ManagedClusterName.
                 type: string
               hashedTokenSecret:
+                description: HashedTokenSecret is the secret reference that contains
+                  the hashed token to use for this HumioBootstrapToken. This is used
+                  if one wants to use an existing hashed token for the BootstrapToken
+                  rather than letting the operator create one by running a bootstrap
+                  token onetime pod
                 properties:
-                  autoCreate:
-                    description: 'TODO: maybe remove AutoCreate'
-                    type: boolean
                   secretKeyRef:
-                    description: SecretKeySelector selects a key of a Secret.
+                    description: SecretKeyRef is the secret key reference to a kubernetes
+                      secret containing the bootstrap hashed token secret
                     properties:
                       key:
                         description: The key of the secret to select from.  Must be
@@ -78,21 +87,84 @@ spec:
                     - key
                     type: object
                 type: object
-              image:
-                type: string
+              imagePullSecrets:
+                description: ImagePullSecrets defines the imagepullsecrets for the
+                  bootstrap image onetime pod. These secrets are not created by the
+                  operator. This will default to the imagePullSecrets that are used
+                  by either the HumioCluster resource or the first NodePool resource
+                  if ManagedClusterName is set on the HumioBootstrapTokenSpec
+                items:
+                  description: LocalObjectReference contains enough information to
+                    let you locate the referenced object inside the same namespace.
+                  properties:
+                    name:
+                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                        TODO: Add other useful fields. apiVersion, kind, uid?'
+                      type: string
+                  type: object
+                type: array
               managedClusterName:
-                description: 'TODO: determine if we even want to reference the cluster
-                  here ManagedClusterName'
+                description: ManagedClusterName refers to the name of the HumioCluster
+                  which will use this bootstrap token
                 type: string
+              resources:
+                description: Resources is the kubernetes resource limits for the bootstrap
+                  onetime pod
+                properties:
+                  claims:
+                    description: "Claims lists the names of resources, defined in
+                      spec.resourceClaims, that are used by this container. \n This
+                      is an alpha field and requires enabling the DynamicResourceAllocation
+                      feature gate. \n This field is immutable. It can only be set
+                      for containers."
+                    items:
+                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+                      properties:
+                        name:
+                          description: Name must match the name of one entry in pod.spec.resourceClaims
+                            of the Pod where this field is used. It makes that resource
+                            available inside a container.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - name
+                    x-kubernetes-list-type: map
+                  limits:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'Limits describes the maximum amount of compute resources
+                      allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                    type: object
+                  requests:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'Requests describes the minimum amount of compute
+                      resources required. If Requests is omitted for a container,
+                      it defaults to Limits if that is explicitly specified, otherwise
+                      to an implementation-defined value. Requests cannot exceed Limits.
+                      More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                    type: object
+                type: object
               tokenSecret:
+                description: TokenSecret is the secret reference that contains the
+                  token to use for this HumioBootstrapToken. This is used if one wants
+                  to use an existing token for the BootstrapToken rather than letting
+                  the operator create one by running a bootstrap token onetime pod
                 properties:
-                  autoCreate:
-                    description: 'TODO: we could clean this up by removing the "AutoCreate"
-                      and in docs explain if you want to use your own secret then
-                      create the secret before the bootstraptoken resource'
-                    type: boolean
                   secretKeyRef:
-                    description: SecretKeySelector selects a key of a Secret.
+                    description: SecretKeyRef is the secret key reference to a kubernetes
+                      secret containing the bootstrap token secret
                     properties:
                       key:
                         description: The key of the secret to select from.  Must be
@@ -114,9 +186,16 @@ spec:
           status:
             properties:
               hashedTokenSecretStatus:
+                description: HashedTokenSecret is the secret reference that contains
+                  the hashed token to use for this HumioBootstrapToken. This is set
+                  regardless of whether it's defined in the spec or automatically
+                  created
                 properties:
                   secretKeyRef:
-                    description: SecretKeySelector selects a key of a Secret.
+                    description: SecretKeyRef is the secret reference that contains
+                      the hashed token to use for this HumioBootstrapToken. This is
+                      set regardless of whether it's defined in the spec or automatically
+                      created
                     properties:
                       key:
                         description: The key of the secret to select from.  Must be
@@ -135,16 +214,19 @@ spec:
                     type: object
                 type: object
               state:
-                description: TODO set the status. This is used by the HumioCluster
-                  resource to get the secret reference and load the secret. We don't
-                  want to rely on the spec here as the spec could be empty. Or do
-                  we want to Created                 bool                         `json:"created,omitempty"`
-                  State can be "NotReady" or "Ready"
+                description: State can be "NotReady" or "Ready"
                 type: string
               tokenSecretStatus:
+                description: TokenSecretKeyRef contains the secret key reference to
+                  a kubernetes secret containing the bootstrap token secret. This
+                  is set regardless of whether it's defined in the spec or automatically
+                  created
                 properties:
                   secretKeyRef:
-                    description: SecretKeySelector selects a key of a Secret.
+                    description: SecretKeyRef contains the secret key reference to
+                      a kubernetes secret containing the bootstrap token secret. This
+                      is set regardless of whether it's defined in the spec or automatically
+                      created
                     properties:
                       key:
                         description: The key of the secret to select from.  Must be