diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/bundle.Dockerfile b/operators/pulsar-resources-operator/0.9.1-rc.4/bundle.Dockerfile new file mode 100644 index 00000000000..9cc4042d586 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/bundle.Dockerfile @@ -0,0 +1,21 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=pulsar-resources-operator +LABEL operators.operatorframework.io.bundle.channels.v1=alpha,beta,stable +LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.31.0 +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY bundle/manifests /manifests/ +COPY bundle/metadata /metadata/ +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-controller-manager-metrics-service_v1_service.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-controller-manager-metrics-service_v1_service.yaml new file mode 100644 index 00000000000..5f429958c54 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-controller-manager-metrics-service_v1_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + control-plane: controller-manager + name: pulsar-resources-operator-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +status: + loadBalancer: {} diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-manager-config_v1_configmap.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..b0010382a50 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + # Copyright 2024 StreamNative + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: ed4866ca.streamnative.io +kind: ConfigMap +metadata: + name: pulsar-resources-operator-manager-config diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml new file mode 100644 index 00000000000..aefabbcdb40 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -0,0 +1,10 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: pulsar-resources-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator.clusterserviceversion.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator.clusterserviceversion.yaml new file mode 100644 index 00000000000..f0ba8615e96 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/pulsar-resources-operator.clusterserviceversion.yaml @@ -0,0 +1,1180 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "Secret", + "metadata": { + "name": "test-secret", + "namespace": "default" + }, + "spec": { + "apiServerRef": { + "name": "test-connection" + }, + "data": { + "key": "value" + }, + "instanceName": "test-instance", + "location": "useast1", + "type": "Opaque" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "ComputeFlinkDeployment", + "metadata": { + "name": "operator-test-v1", + "namespace": "default" + }, + "spec": { + "apiServerRef": { + "name": "test-connection" + }, + "template": { + "deployment": { + "spec": { + "deploymentTargetName": "default", + "maxJobCreationAttempts": 99, + "state": "RUNNING", + "template": { + "metadata": { + "annotations": { + "flink.queryable-state.enabled": "false", + "flink.security.ssl.enabled": "false" + } + }, + "spec": { + "artifact": { + "entryClass": "org.apache.beam.examples.WordCount", + "flinkImageTag": "1.18.1-stream3-scala_2.12-java17", + "flinkVersion": "1.18.1", + "jarUri": "function://public/default/flink-operator-test-beam-pulsar-io@1.19-snapshot", + "kind": "JAR", + "mainArgs": "--runner=FlinkRunner --attachedMode=false --checkpointingInterval=60000 --checkpointTimeoutMillis=100000 --minPauseBetweenCheckpoints=1000" + }, + "flinkConfiguration": { + "execution.checkpointing.externalized-checkpoint-retention": "RETAIN_ON_CANCELLATION", + "execution.checkpointing.interval": "1min", + "execution.checkpointing.timeout": "10min", + "high-availability.type": "kubernetes", + "state.backend": "filesystem", + "taskmanager.memory.managed.fraction": "0.2" + }, + "logging": { + "log4jLoggers": { + "": "DEBUG", + "com.company": "DEBUG" + }, + "loggingProfile": "default" + }, + "numberOfTaskManagers": 1, + "parallelism": 1, + "resources": { + "jobmanager": { + "cpu": "1", + "memory": "2G" + }, + "taskmanager": { + "cpu": "1", + "memory": "2G" + } + } + } + } + }, + "userMetadata": { + "displayName": "operator-test-v1", + "name": "operator-test-v1", + "namespace": "default" + } + }, + "syncingMode": "PATCH" + }, + "workspaceName": "test-operator-workspace" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "ComputeFlinkDeployment", + "metadata": { + "name": "operator-test-v2", + "namespace": "default" + }, + "spec": { + "template": { + "deployment": { + "spec": { + "deploymentTargetName": "default", + "maxJobCreationAttempts": 99, + "state": "RUNNING", + "template": { + "metadata": { + "annotations": { + "flink.queryable-state.enabled": "false", + "flink.security.ssl.enabled": "false" + } + }, + "spec": { + "artifact": { + "entryClass": "org.apache.beam.examples.WordCount", + "flinkImageTag": "1.18.1-stream3-scala_2.12-java17", + "flinkVersion": "1.18.1", + "jarUri": "function://public/default/flink-operator-test-beam-pulsar-io@1.19-snapshot", + "kind": "JAR", + "mainArgs": "--runner=FlinkRunner --attachedMode=false --checkpointingInterval=60000" + }, + "flinkConfiguration": { + "execution.checkpointing.externalized-checkpoint-retention": "RETAIN_ON_CANCELLATION", + "execution.checkpointing.interval": "1min", + "execution.checkpointing.timeout": "10min", + "high-availability.type": "kubernetes", + "state.backend": "filesystem", + "taskmanager.memory.managed.fraction": "0.2" + }, + "logging": { + "log4jLoggers": { + "": "DEBUG", + "com.company": "DEBUG" + }, + "loggingProfile": "default" + }, + "numberOfTaskManagers": 1, + "parallelism": 1, + "resources": { + "jobmanager": { + "cpu": "1", + "memory": "2G" + }, + "taskmanager": { + "cpu": "1", + "memory": "2G" + } + } + } + } + }, + "userMetadata": { + "displayName": "operator-test-v2", + "name": "operator-test-v2", + "namespace": "default" + } + }, + "syncingMode": "PATCH" + }, + "workspaceName": "test-operator-workspace" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "ComputeWorkspace", + "metadata": { + "name": "test-operator-workspace", + "namespace": "default" + }, + "spec": { + "apiServerRef": { + "name": "test-connection" + }, + "poolRef": { + "name": "shared", + "namespace": "streamnative" + }, + "pulsarClusterNames": [ + "test-pulsar" + ] + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarConnection", + "metadata": { + "name": "pulsarconnection-sample", + "namespace": "pulsar" + }, + "spec": { + "adminServiceURL": "http://c-sn-platform-broker.pulsar.svc.cluster.local:8080", + "authentication": { + "token": { + "secretRef": { + "key": "brokerClientAuthenticationParameters", + "name": "c-sn-platform-vault-secret-env-injection" + } + } + } + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarFunction", + "metadata": { + "name": "test-func", + "namespace": "default" + }, + "spec": { + "autoAck": true, + "className": "org.apache.pulsar.functions.api.examples.ExclamationFunction", + "cleanupSubscription": true, + "connectionRef": { + "name": "test-connection" + }, + "customRuntimeOptions": {}, + "deadLetterTopic": "dl-topic", + "exposePulsarAdminClientEnabled": false, + "forwardSourceMessageProperty": true, + "inputs": [ + "input" + ], + "jar": { + "url": "file:///pulsar/examples/api-examples.jar" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "logTopic": "func-log", + "maxMessageRetries": 101, + "name": "test-func", + "namespace": "default", + "output": "output", + "parallelism": 1, + "processingGuarantees": "ATLEAST_ONCE", + "retainKeyOrdering": true, + "retainOrdering": false, + "secrets": { + "SECRET1": { + "key": "hello", + "path": "sectest" + } + }, + "skipToLatest": true, + "subName": "test-sub", + "subscriptionPosition": "Latest", + "tenant": "public", + "timeoutMs": 6666 + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarGeoReplication", + "metadata": { + "labels": { + "app.kubernetes.io/created-by": "pulsar-resources-operator", + "app.kubernetes.io/instance": "pulsargeoreplication-sample", + "app.kubernetes.io/managed-by": "kustomize", + "app.kubernetes.io/name": "pulsargeoreplication", + "app.kubernetes.io/part-of": "pulsar-resources-operator" + }, + "name": "pulsargeoreplication-sample" + }, + "spec": { + "connectionRef": { + "name": "local-pulsarconnection" + }, + "destinationConnectionRef": { + "name": "remote-pulsarconnection" + } + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarNSIsolationPolicy", + "metadata": { + "name": "test-pulsar-ns-isolation-policy", + "namespace": "test" + }, + "spec": { + "autoFailoverPolicyParams": { + "min_limit": "1", + "usage_threshold": "80" + }, + "autoFailoverPolicyType": "min_available", + "cluster": "standalone", + "connectionRef": { + "name": "test-pulsar-connection" + }, + "name": "test-policy", + "namespaces": [ + "test-tenant/test-ns" + ], + "primary": [ + "test-pulsar-broker-0.*" + ], + "secondary": [ + "test-pulsar-broker-1.*" + ] + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarNamespace", + "metadata": { + "name": "pulsarnamespace-sample", + "namespace": "pulsar" + }, + "spec": { + "backlogQuotaLimitSize": "1Gi", + "backlogQuotaLimitTime": "2h", + "backlogQuotaRetentionPolicy": "producer_request_hold", + "bundles": 16, + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "maxConsumersPerSubscription": 4, + "maxConsumersPerTopic": 12, + "maxProducersPerTopic": 2, + "messageTTL": "1h", + "name": "tenant-one/testns", + "retentionSize": "2Gi", + "retentionTime": "20h" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarPackage", + "metadata": { + "name": "pulsarpackage-sample", + "namespace": "pulsar" + }, + "spec": { + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "description": "test", + "fileURL": "https://www.apache.org/dyn/mirrors/mirrors.cgi?action=download\u0026filename=pulsar/pulsar-2.10.4/connectors/pulsar-io-file-2.10.4.nar", + "lifecyclePolicy": "CleanUpAfterDeletion", + "packageURL": "function://public/default/test@latest" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarPermission", + "metadata": { + "name": "pulsarpermission-namespace", + "namespace": "pulsar" + }, + "spec": { + "actions": [ + "produce", + "consume" + ], + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "resourceName": "tenant-one/testns", + "resourceType": "namespace", + "roles": [ + "ironman" + ] + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarPermission", + "metadata": { + "name": "pulsarpermission-topic", + "namespace": "pulsar" + }, + "spec": { + "actions": [ + "produce", + "consume", + "functions" + ], + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "resourceName": "persistent://tenant-one/testns/topic123", + "resourceType": "topic", + "roles": [ + "superman" + ] + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarSink", + "metadata": { + "name": "test-pulsar-sink", + "namespace": "default" + }, + "spec": { + "archive": { + "url": "builtin://data-generator" + }, + "autoAck": true, + "className": "org.apache.pulsar.io.datagenerator.DataGeneratorPrintSink", + "cleanupSubscription": false, + "connectionRef": { + "name": "test-pulsar-connection" + }, + "customRuntimeOptions": {}, + "inputs": [ + "sink-input" + ], + "lifecyclePolicy": "CleanUpAfterDeletion", + "name": "test-pulsar-sink", + "namespace": "default", + "parallelism": 1, + "processingGuarantees": "EFFECTIVELY_ONCE", + "secrets": { + "SECRET1": { + "key": "hello", + "path": "sectest" + } + }, + "sourceSubscriptionPosition": "Latest", + "tenant": "public" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarSource", + "metadata": { + "name": "test-pulsar-source", + "namespace": "default" + }, + "spec": { + "archive": { + "url": "builtin://data-generator" + }, + "className": "org.apache.pulsar.io.datagenerator.DataGeneratorSource", + "configs": { + "sleepBetweenMessages": "1000" + }, + "connectionRef": { + "name": "test-pulsar-connection" + }, + "customRuntimeOptions": { + "sleepBetweenMessages": "1000" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "name": "test-pulsar-source", + "namespace": "default", + "parallelism": 1, + "processingGuarantees": "ATLEAST_ONCE", + "secrets": { + "SECRET1": { + "key": "hello", + "path": "sectest" + } + }, + "tenant": "public", + "topicName": "sink-input" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarTenant", + "metadata": { + "name": "pulsartenant-sample", + "namespace": "pulsar" + }, + "spec": { + "adminRoles": [ + "admin", + "ops", + "devops" + ], + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "name": "tenant-one" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "PulsarTopic", + "metadata": { + "name": "pulsartopic-sample", + "namespace": "pulsar" + }, + "spec": { + "connectionRef": { + "name": "pulsarconnection-sample" + }, + "lifecyclePolicy": "CleanUpAfterDeletion", + "maxConsumers": 9, + "maxProducers": 4, + "messageTTL": "1h", + "name": "persistent://tenant-one/testns/topic123" + } + }, + { + "apiVersion": "resource.streamnative.io/v1alpha1", + "kind": "StreamNativeCloudConnection", + "metadata": { + "name": "test-connection", + "namespace": "default" + }, + "spec": { + "auth": { + "credentialsRef": { + "name": "test-credentials" + } + }, + "organization": "org", + "server": "https://api.streamnative.dev" + } + } + ] + capabilities: Auto Pilot + categories: Streaming & Messaging + containerImage: olm.streamnative.io/streamnativeio/pulsar-resources-operator:v0.9.1-rc.4 + createdAt: "2025-04-14T09:32:56Z" + description: Authored by StreamNative, this Pulsar Resources Operator manages + the Pulsar resources automatically using the manifest on Kubernetes. + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "false" + features.operators.openshift.io/csi: "false" + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "false" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operators.openshift.io/valid-subscription: '["StreamNative Private Cloud License"]' + operators.operatorframework.io/builder: operator-sdk-v1.31.0 + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + support: StreamNative, Inc. + name: pulsar-resources-operator.v0.9.1-rc.4 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - kind: ComputeFlinkDeployment + name: computeflinkdeployments.resource.streamnative.io + version: v1alpha1 + - kind: ComputeWorkspace + name: computeworkspaces.resource.streamnative.io + version: v1alpha1 + - description: PulsarConnection is the Schema for the pulsarconnections API + displayName: Pulsar Connection + kind: PulsarConnection + name: pulsarconnections.resource.streamnative.io + version: v1alpha1 + - description: PulsarFunction is the Schema for the pulsarfunctions API + displayName: Pulsar Function + kind: PulsarFunction + name: pulsarfunctions.resource.streamnative.io + version: v1alpha1 + - description: PulsarGeoReplication is the Schema for the pulsargeoreplications + API + displayName: Pulsar GeoReplication + kind: PulsarGeoReplication + name: pulsargeoreplications.resource.streamnative.io + version: v1alpha1 + - description: PulsarNamespace is the Schema for the pulsarnamespaces API + displayName: Pulsar Namespace + kind: PulsarNamespace + name: pulsarnamespaces.resource.streamnative.io + version: v1alpha1 + - kind: PulsarNSIsolationPolicy + name: pulsarnsisolationpolicies.resource.streamnative.io + version: v1alpha1 + - description: PulsarPackage is the Schema for the pulsarpackages API + displayName: Pulsar Package + kind: PulsarPackage + name: pulsarpackages.resource.streamnative.io + version: v1alpha1 + - description: PulsarPermission is the Schema for the pulsarpermissions API + displayName: Pulsar Permission + kind: PulsarPermission + name: pulsarpermissions.resource.streamnative.io + version: v1alpha1 + - description: PulsarSink is the Schema for the pulsarsinks API + displayName: Pulsar Sink + kind: PulsarSink + name: pulsarsinks.resource.streamnative.io + version: v1alpha1 + - description: PulsarSource is the Schema for the pulsarsources API + displayName: Pulsar Source + kind: PulsarSource + name: pulsarsources.resource.streamnative.io + version: v1alpha1 + - description: PulsarTenant is the Schema for the pulsartenants API + displayName: Pulsar Tenant + kind: PulsarTenant + name: pulsartenants.resource.streamnative.io + version: v1alpha1 + - description: PulsarTopic is the Schema for the pulsartopics API + displayName: Pulsar Topic + kind: PulsarTopic + name: pulsartopics.resource.streamnative.io + version: v1alpha1 + - kind: Secret + name: secrets.resource.streamnative.io + version: v1alpha1 + - kind: StreamNativeCloudConnection + name: streamnativecloudconnections.resource.streamnative.io + version: v1alpha1 + description: | + Authored by [StreamNative](https://streamnative.io), this Pulsar Resources Operator is a controller that manages the Pulsar resources automatically using the manifest on Kubernetes. Therefore, you can manage the Pulsar resources without the help of `pulsar-admin` or `pulsarctl` CLI tool. It is useful for initializing basic resources when creating a new Pulsar cluster. + displayName: Pulsar Resources Operator + icon: + - base64data: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgd2lkdGg9Ijc2OCIgaGVpZ2h0PSI3NjgiPgo8cGF0aCBkPSJNMCAwIEMyNTMuNDQgMCA1MDYuODggMCA3NjggMCBDNzY4IDI1My40NCA3NjggNTA2Ljg4IDc2OCA3NjggQzUxNC41NiA3NjggMjYxLjEyIDc2OCAwIDc2OCBDMCA1MTQuNTYgMCAyNjEuMTIgMCAwIFogIiBmaWxsPSIjRkVGRUZFIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSgwLDApIi8+CjxwYXRoIGQ9Ik0wIDAgQzYuMjYxOTA0MjkgMC4wMjUyOTg2IDEyLjUyMzgxOTMzIDAuMDI3Mzc3NzcgMTguNzg1NzY2ODQgMC4wMzIxMDE2MyBDMjkuOTMxNDgzODUgMC4wNDM3NTA0OSA0MS4wNzcwNjUzNSAwLjA3MjUwODUgNTIuMjIyNzIwOSAwLjExMDY3MjUgQzYyLjMzMjQ0ODU0IDAuMTQ1MTAyNDcgNzIuNDQyMTUxOTcgMC4xNjk5ODg0NyA4Mi41NTE5MjU5IDAuMTg1ODQ5MTkgQzgzLjIxOTg5MzM2IDAuMTg2OTAwMDggODMuODg3ODYwODMgMC4xODc5NTA5OCA4NC41NzYwNjk3MyAwLjE4OTAzMzcyIEM4Ny45MjgxNjI1MSAwLjE5NDI1NTExIDkxLjI4MDI1NTUxIDAuMTk5MzA5NjQgOTQuNjMyMzQ4NjYgMC4yMDQyODEzMyBDMTIyLjI5NzExMTkyIDAuMjQ1ODk4MzQgMTQ5Ljk2MTc0MTgyIDAuMzE2MDg2OTEgMTc3LjYyNjM4ODc5IDAuNDA1NTc1NzUgQzE3Ny42NDAzODA1NiAyLjk1NzE5MDA4IDE3Ny42NTA1NzQyMSA1LjUwODcyNjU1IDE3Ny42NTg2MTUzNSA4LjA2MDM2MDkxIEMxNzcuNjYyOTM1NzIgOC43NzcyMDU1NCAxNzcuNjY3MjU2MSA5LjQ5NDA1MDE4IDE3Ny42NzE3MDczOSAxMC4yMzI2MTczOCBDMTc3LjY4NDkyODExIDE1LjgzNDM5NjE1IDE3Ny4yNjMxOTI3MSAyMS4yNDU1OTk3MiAxNzYuMzc2Mzg4NzkgMjYuNzgwNTc1NzUgQzE3Ni4xNzUwNTMzNCAyOC4wOTk2NDkyNCAxNzYuMTc1MDUzMzQgMjguMDk5NjQ5MjQgMTc1Ljk2OTY1MDUxIDI5LjQ0NTM3MDY3IEMxNjkuOTA1MTQyMTYgNjcuNzk1Mjc5MjUgMTU1LjMwNjU0MTQ1IDEwNS42MDE4MjE5NCAxMjguNjI2Mzg4NzkgMTM0LjQwNTU3NTc1IEMxMjcuNzY2NTg0MSAxMzUuMzQ2NTkxMzggMTI2LjkwNjc3OTQxIDEzNi4yODc2MDcgMTI2LjAyMDkyMDA0IDEzNy4yNTcxMzgyNSBDMTA1Ljk3NjEyMTQ0IDE1OC4yNzkwMDk3NSA3OS44MTgxODk1NCAxNzAuNzYwMTU4ODMgNTEuNjI2Mzg4NzkgMTc2LjQwNTU3NTc1IEM1MC4wNDI3NzU1MSAxNzYuNzQ1ODg4MjUgNTAuMDQyNzc1NTEgMTc2Ljc0NTg4ODI1IDQ4LjQyNzE3MDA0IDE3Ny4wOTMwNzU3NSBDMzIuMDA0ODE4MTUgMTgwLjA2MDIyNTkxIDE0LjM2NzQ0MTMzIDE3OS4zNDEyNjU3NSAtMi4wNjExMTEyMSAxNzYuOTA1NTc1NzUgQy0zMC43NzU4NDMxMiAxNzIuNzE3MDQ1MDcgLTYwLjA1MzI1NDAzIDE3NC40NjkyMjQ1MiAtODcuMzczNjExMjEgMTg0LjQwNTU3NTc1IEMtODguMDQ2MTc5NTcgMTg0LjY0Njc5MTU3IC04OC43MTg3NDc5MyAxODQuODg4MDA3MzkgLTg5LjQxMTY5NzE1IDE4NS4xMzY1MzI3OCBDLTExMS4wODc4MjE3MyAxOTMuMDE3MjgyNzMgLTEyOS45MDU3Njk0OSAyMDUuMzIwMTUxMjUgLTE0Ni4zNzM2MTEyMSAyMjEuNDA1NTc1NzUgQy0xNDcuMjEwMjEyNzcgMjIyLjE4MDMwMjMxIC0xNDguMDQ2ODE0MzQgMjIyLjk1NTAyODg4IC0xNDguOTA4NzY3NDYgMjIzLjc1MzIzMiBDLTE4MS4yMTM0OTEwNyAyNTQuNDE5NjgxMTkgLTE5MS41MjMyMjEwNSAyOTUuODAwOTAyNjkgLTE5Ni4zNzM2MTEyMSAzMzguNDA1NTc1NzUgQy0xOTkuNzczNTk0NSAzMzUuMTAyNTA1MTcgLTIwMi40NTk1ODA4NyAzMzEuNjA0MzM2MzMgLTIwNS4wNjExMTEyMSAzMjcuNjU1NTc1NzUgQy0yMDUuNDkzMTg4ODUgMzI3LjAwMzA2ODQzIC0yMDUuOTI1MjY2NDkgMzI2LjM1MDU2MTEgLTIwNi4zNzA0MzczOCAzMjUuNjc4MjgwODMgQy0yMTAuNzIzOTU2OTYgMzE5LjAxMzQ2NyAtMjE0LjY2MTA5ODYgMzEyLjEzNjUxMDgxIC0yMTguNDQwOTk0MDIgMzA1LjEzMzExNDgxIEMtMjE5LjIyODY0MjMxIDMwMy42NzQxMDk3NyAtMjIwLjAzMDA2NTU3IDMwMi4yMjI1NTM3MiAtMjIwLjgzNDU0ODcxIDMwMC43NzI3NjMyNSBDLTIyNC42MDc4MDM4NCAyOTMuNjgyODg4OTYgLTIyNy4wODc3ODc4MyAyODYuMTIwODYzMjEgLTIyOS42NDYwNzIxNSAyNzguNTMxMDY0MDMgQy0yMzAuMzEyOTAzMzIgMjc2LjU4MjkzMjQyIC0yMzEuMDE3MjIxODcgMjc0LjY0NzczNzM5IC0yMzEuNzI1MTczNzEgMjcyLjcxNDE2OTUgQy0yNDguNDI3NjM3ODUgMjI2LjAzOTQ5MjEyIC0yNDQuNTA0NjMyNCAxNjkuMDA0MzA4MjggLTIyMy40OTg2MTEyMSAxMjQuMzY2NTEzMjUgQy0yMjEuNTQ4NjE0MzkgMTIwLjMzMDEyNTg3IC0yMTkuNDg0MzI4MiAxMTYuMzU5ODY4OTQgLTIxNy4zNzM2MTEyMSAxMTIuNDA1NTc1NzUgQy0yMTYuNzU3NDM5MzQgMTExLjI0NDEzMDQ0IC0yMTYuMTQxMjY3NDYgMTEwLjA4MjY4NTEzIC0yMTUuNTA2NDIzNzEgMTA4Ljg4NjA0NDUgQy0yMDguMDAyMjc0NjUgOTUuMjYzMzY3MjcgLTE5OS4wNjc5MjM3IDgyLjcwMjA5MjI0IC0xODguMzczNjExMjEgNzEuNDA1NTc1NzUgQy0xODcuMjAwOTMyNTEgNzAuMDU2NjEyMDIgLTE4Ni4wMzQwMDQ4NyA2OC43MDI2MjE2NCAtMTg0Ljg3MzYxMTIxIDY3LjM0MzA3NTc1IEMtMTY5LjE2MTM0MTU1IDQ5LjM0NDcyNTI4IC0xNTAuMjY0MjkwMjggMzUuNzUwMjQ0OTcgLTEyOS4zNzM2MTEyMSAyNC40MDU1NzU3NSBDLTEyOC43NTgwODM4NyAyNC4wNjY4NzQ1OCAtMTI4LjE0MjU1NjUyIDIzLjcyODE3MzQxIC0xMjcuNTA4Mzc2ODQgMjMuMzc5MjA4NTYgQy0xMTEuMjI4NDc5MTkgMTQuNDk2NzMzMDUgLTkzLjQ1NDYyMzA5IDguMzU0MzU4NDUgLTc1LjM3MzYxMTIxIDQuNDA1NTc1NzUgQy03NC41NTIwOTI1NiA0LjIyNDI3MzY0IC03My43MzA1NzM5MSA0LjA0Mjk3MTUzIC03Mi44ODQxNjA3NiAzLjg1NjE3NTQyIEMtNDguODkxOTkxNzQgLTEuMTQ0NTk4MTkgLTI0LjM2OTczNjYyIC0wLjExNTM0MDc5IDAgMCBaICIgZmlsbD0iIzAwOTFGRSIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNDE5LjM3MzYxMTIxMTc3NjczLDQwLjU5NDQyNDI0Nzc0MTcpIi8+CjxwYXRoIGQ9Ik0wIDAgQzMuNDc3MDY0OTggMy4yMTQ0OTQ4NiA2LjA5NjczNTc5IDYuODE1ODE5NzkgOC42ODc1IDEwLjc1IEM5LjMzODg3OTM5IDExLjczNzQ2MjE2IDkuMzM4ODc5MzkgMTEuNzM3NDYyMTYgMTAuMDAzNDE3OTcgMTIuNzQ0ODczMDUgQzE4LjM1MTU4MzQ1IDI1LjU2MTI2Mjk1IDI1LjE0MDI3NTc3IDM4Ljg3ODU2MDU5IDMxIDUzIEMzMS4zOTk2MDkzNyA1My45NjE2NDA2MiAzMS43OTkyMTg3NSA1NC45MjMyODEyNSAzMi4yMTA5Mzc1IDU1LjkxNDA2MjUgQzM3LjUyMzkyODA5IDY5LjY0MjgzMDE4IDQwLjc2MjMxMjU4IDg0LjQ3OTgxNjMxIDQzIDk5IEM0My4xMDQ0MTQwNiA5OS42NjcyNTA5OCA0My4yMDg4MjgxMyAxMDAuMzM0NTAxOTUgNDMuMzE2NDA2MjUgMTAxLjAyMTk3MjY2IEM1MS4yNTM5MzkwNSAxNTQuMDEwMDI3ODcgMzYuNjUzMTE4MDcgMjA4LjU5NDIyMDgyIDUuMzI4MTI1IDI1MS43MzA0Njg3NSBDMC45MTU5NzY1IDI1Ny42NDg4OTQ3OCAtMy44NDQ1NTMxIDI2My4yMzQ5OTg3IC04Ljg0NzY1NjI1IDI2OC42NjAxNTYyNSBDLTEwLjk2NzE2NjE0IDI3MC45NjQzMDU4NCAtMTMuMDE0MzUzNDIgMjczLjMxOTk1NDM0IC0xNS4wNjI1IDI3NS42ODc1IEMtMTguNzYyNzgwNjkgMjc5Ljg0NTc3MjIxIC0yMi43MzEyNzM4NSAyODMuNDM5MDAzMzEgLTI3IDI4NyBDLTI4LjMwOTA0Mjk3IDI4OC4xNDA4MjAzMSAtMjguMzA5MDQyOTcgMjg4LjE0MDgyMDMxIC0yOS42NDQ1MzEyNSAyODkuMzA0Njg3NSBDLTM2Ljc2NjE2MzA2IDI5NS40MjUyODY3MyAtNDQuMjAxODYyOTkgMzAwLjc2NTkzMzMzIC01Mi4xMjUgMzA1LjgwMTc1NzgxIEMtNTMuODg4ODQ4NzQgMzA2LjkyODk2NzQgLTU1LjYzMTkzODE3IDMwOC4wODMyMTUwNSAtNTcuMzc1IDMwOS4yNDIxODc1IEMtOTEuNTc2MDgyNzQgMzMxLjQxOTQ5MDU0IC0xMzEuODczMzI1OTEgMzM4LjE4NTYzMDUyIC0xNzEuODMzMDA3ODEgMzM4LjExMzUyNTM5IEMtMTc0LjAzMTc5NDIyIDMzOC4xMTMyNDI5NSAtMTc2LjIzMDU4MDcyIDMzOC4xMTM0MDIzNyAtMTc4LjQyOTM2NzA3IDMzOC4xMTM5Njc5IEMtMTg0LjM2ODU1ODAzIDMzOC4xMTQyNTM2MyAtMTkwLjMwNzcyODYxIDMzOC4xMDgzOTMwNiAtMTk2LjI0NjkxNDg2IDMzOC4xMDEzOTM5NCBDLTIwMi40NjQ4ODE0NyAzMzguMDk1MTIzMTYgLTIwOC42ODI4NDg1OSAzMzguMDk0NTUzNjYgLTIxNC45MDA4MTc4NyAzMzguMDkzMzY4NTMgQy0yMjUuOTk0Mzg5MDcgMzM4LjA5MDQ0MjI5IC0yMzcuMDg3OTUxODcgMzM4LjA4MzIyOTI2IC0yNDguMTgxNTE5MjQgMzM4LjA3MzcyNTgxIEMtMjU4LjI0ODc3OTI5IDMzOC4wNjUxNDc1NCAtMjY4LjMxNjAzNzg1IDMzOC4wNTg5MTAxMSAtMjc4LjM4MzMwMDc4IDMzOC4wNTQ5MzE2NCBDLTI3OS4zNzc3MjE3OCAzMzguMDU0NTM3NTYgLTI3OS4zNzc3MjE3OCAzMzguMDU0NTM3NTYgLTI4MC4zOTIyMzIwOSAzMzguMDU0MTM1NTEgQy0yODMuNzE4NDMyMzUgMzM4LjA1MjgzMDM2IC0yODcuMDQ0NjMyNjMgMzM4LjA1MTU2ODk0IC0yOTAuMzcwODMyOTIgMzM4LjA1MDMyMzYxIEMtMzE3LjkxMzg5Mzc5IDMzOC4wMzk4ODQwMyAtMzQ1LjQ1Njk0NjM3IDMzOC4wMjIzMDU4NiAtMzczIDMzOCBDLTM3My4wMTk0NjczIDMzNC44MDk3NDE3NSAtMzczLjAzMTE0NzMyIDMzMS42MTk0OTkwMyAtMzczLjA0MTUwMzkxIDMyOC40MjkxOTkyMiBDLTM3My4wNDcwNjgwMiAzMjcuNTMyODMyNDkgLTM3My4wNTI2MzIxNCAzMjYuNjM2NDY1NzYgLTM3My4wNTgzNjQ4NyAzMjUuNzEyOTM2NCBDLTM3My4wNzUzMzM4NyAzMTguNzMzNDg0MTQgLTM3Mi41NDU2Njg1NiAzMTIuMDExNzQ4OTUgLTM3MS4zNzUgMzA1LjEyNSBDLTM3MS4xOTg5NjI0IDMwNC4wNDIwMjYzNyAtMzcxLjAyMjkyNDggMzAyLjk1OTA1MjczIC0zNzAuODQxNTUyNzMgMzAxLjg0MzI2MTcyIEMtMzY4LjI2MDU4OTIgMjg2Ljc1ODQ0OTY3IC0zNjQuNDg0NDc2NzcgMjcxLjkwMzgzMjA5IC0zNTggMjU4IEMtMzU3LjM4MjQ0NTQ0IDI1Ni41ODYwOTc3NiAtMzU2Ljc2NTI5OTIyIDI1NS4xNzIwMTcxNSAtMzU2LjE0ODQzNzUgMjUzLjc1NzgxMjUgQy0zNTAuNTg5ODg0OSAyNDEuMjQzOTM2MTUgLTM0NC4wNTYwNjk1OCAyMjkuMDgyODI4MTcgLTMzNiAyMTggQy0zMzUuNjEzNDQyMzggMjE3LjQ2NjgxMTUyIC0zMzUuMjI2ODg0NzcgMjE2LjkzMzYyMzA1IC0zMzQuODI4NjEzMjggMjE2LjM4NDI3NzM0IEMtMzEyLjExNDU2MzAzIDE4NS4yOTA5ODYwMiAtMjc5LjM3NDk2ODMyIDE2Ny42ODE4MDYxNCAtMjQxLjgwNzg2MTMzIDE2MS40MjExNDI1OCBDLTIyMy44NDk5Nzc1NyAxNTguNzI3Njk0MjMgLTIwNi4xODE0NjE3MiAxNTkuNzkxNDkwNjcgLTE4OC4yNSAxNjIgQy0xNjEuNTkyOTg2NzggMTY1LjI0NTAzOTUzIC0xMzYuNTIyNTEwMTEgMTY0LjQ1MzgwMjM0IC0xMTEgMTU1IEMtMTA5Ljc2NTA3ODEzIDE1NC41NDc1MzkwNiAtMTA4LjUzMDE1NjI1IDE1NC4wOTUwNzgxMiAtMTA3LjI1NzgxMjUgMTUzLjYyODkwNjI1IEMtNjUuOTU2ODU4NjEgMTM4LjAyMzEwNzA4IC0zNC41NjU4NzcxMSAxMDguMTE0NDYwNjMgLTE1LjMyNDIxODc1IDY4LjU1NDY4NzUgQy01LjM2Njk4Njk2IDQ2LjM3NjA0NzE4IC0xLjg2ODg4NDM1IDI0LjA0NzIwNjcyIDAgMCBaICIgZmlsbD0iIzAwOTFGRiIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoNTUyLDM5MCkiLz4KPHBhdGggZD0iTTAgMCBDMTUuNTI0NzIxNDcgMTEuMjA1MzQzMzIgMjUuNjkzNzY2MTYgMjUuMTE4MTM5ODcgMjkuNTExNzE4NzUgNDQuMTA5Mzc1IEMzMS43MjMzNTE4NiA2MC44NjA4NTM1IDI4LjQ3MDMwMDQ4IDc3LjA2MDk1MzY5IDE4LjkwNjI1IDkxLjA5NzY1NjI1IEM4LjI1NTM4MTgxIDEwNC44MzUwNjg1NyAtNi41MjM0MzgwNSAxMTYuNTU2ODk5OTYgLTI0LjI0MjE4NzUgMTE4Ljg4MjgxMjUgQy00My44NTM3OTE4MSAxMjAuMzYwMzk5MTMgLTU5LjI2NTYwMjcgMTE3LjI3MzU3MDU2IC03NC44NzEwOTM3NSAxMDQuODk0NTMxMjUgQy04Ny4zODAxMzcyOCA5NC4xMzQ4NzI3NiAtOTYuODIwMDAzMTkgNzkuNzk0Nzk2NjUgLTk4LjM3ODkwNjI1IDYzLjAzMTI1IEMtOTguNDkzODU2MDEgNTkuODYwMjIyMTkgLTk4LjUwMzYzNjk2IDU2LjcwNzkzMTAzIC05OC40Njg3NSA1My41MzUxNTYyNSBDLTk4LjQ4MDM1MTU2IDUyLjQ3NjE5MTQxIC05OC40OTE5NTMxMyA1MS40MTcyMjY1NiAtOTguNTAzOTA2MjUgNTAuMzI2MTcxODggQy05OC40NDI4MDE1IDMzLjc5NzMzNjU4IC05MC45NTU0NzIzMSAyMC4yNDMxNTEwOSAtNzkuNjU2MjUgOC40OTYwOTM3NSBDLTU4LjIxMTA1MTMzIC0xMS41NzYwODkxNSAtMjUuMjE5ODA1OSAtMTUuOTY1NzY0MjIgMCAwIFogIiBmaWxsPSIjMDAwMDJCIiB0cmFuc2Zvcm09InRyYW5zbGF0ZSg0MjIuMDkzNzUsMzI5LjkwMjM0Mzc1KSIvPgo8L3N2Zz4K + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - computeflinkdeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - computeflinkdeployments/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - computeflinkdeployments/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - computeworkspaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - computeworkspaces/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - computeworkspaces/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarconnections/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarconnections/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarfunctions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarfunctions/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarfunctions/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsargeoreplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsargeoreplications/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsargeoreplications/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnamespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnamespaces/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnamespaces/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnsisolationpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnsisolationpolicies/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarnsisolationpolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpackages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpackages/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpackages/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpermissions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpermissions/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarpermissions/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsinks + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsinks/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsinks/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsources/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsarsources/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsartenants + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsartenants/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsartenants/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsartopics + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - pulsartopics/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - pulsartopics/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - secrets/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - secrets/status + verbs: + - get + - patch + - update + - apiGroups: + - resource.streamnative.io + resources: + - streamnativecloudconnections + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - resource.streamnative.io + resources: + - streamnativecloudconnections/finalizers + verbs: + - update + - apiGroups: + - resource.streamnative.io + resources: + - streamnativecloudconnections/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: pulsar-resources-operator-controller-manager + deployments: + - label: + control-plane: controller-manager + name: pulsar-resources-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + service.istio.io/canonical-revision: 0.9.1-rc.4 + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.4 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: olm.streamnative.io/streamnativeio/pulsar-resources-operator:v0.9.1-rc.4 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: pulsar-resources-operator-controller-manager + terminationGracePeriodSeconds: 10 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: pulsar-resources-operator-controller-manager + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - resources + - pulsar resources + - pulsar + - streamnative + links: + - name: Pulsar Resources Operator + url: https://github.com/streamnative/pulsar-resources-operator + maintainers: + - email: cloud@streamnative.io + name: StreamNative Cloud + maturity: alpha + provider: + name: StreamNative + url: https://streamnative.io + version: 0.9.1-rc.4 diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_computeflinkdeployments.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_computeflinkdeployments.yaml new file mode 100644 index 00000000000..3851e97d267 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_computeflinkdeployments.yaml @@ -0,0 +1,5506 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: computeflinkdeployments.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - streamnative + - all + kind: ComputeFlinkDeployment + listKind: ComputeFlinkDeploymentList + plural: computeflinkdeployments + singular: computeflinkdeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ComputeFlinkDeployment is the Schema for the flinkdeployments + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ComputeFlinkDeploymentSpec defines the desired state of ComputeFlinkDeployment + properties: + annotations: + additionalProperties: + type: string + description: Annotations to add to the deployment + type: object + apiServerRef: + description: |- + APIServerRef is the reference to the StreamNativeCloudConnection. + If not specified, the APIServerRef from the referenced ComputeWorkspace will be used. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + communityTemplate: + description: CommunityTemplate is the community deployment template + properties: + metadata: + description: Metadata defines the metadata for the deployment + properties: + annotations: + additionalProperties: + type: string + description: Annotations to add to the deployment + type: object + labels: + additionalProperties: + type: string + description: Labels to add to the deployment + type: object + type: object + spec: + description: Spec defines the deployment specification + properties: + entryClass: + description: EntryClass defines the entry class of the JAR + type: string + flinkConfiguration: + additionalProperties: + type: string + description: FlinkConfiguration defines the Flink configuration + type: object + image: + description: Image defines the Flink image + type: string + jarUri: + description: JarURI defines the URI of the JAR file + type: string + jobManagerPodTemplate: + description: JobManagerPodTemplate defines the job manager + pod template + properties: + metadata: + description: Standard object's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource + type: object + name: + description: Name of the resource + type: string + namespace: + description: Namespace of the resource + type: string + type: object + spec: + description: Specification of the desired behavior of + the pod. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + containers: + description: List of containers belonging to the pod. + items: + description: Container defines a single application + container + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed + within a shell. + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + name: + description: Name of the container specified + as a DNS_LABEL. + type: string + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: Security context at container level + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + type: object + type: array + imagePullSecrets: + description: ImagePullSecrets is an optional list + of references to secrets in the same namespace to + use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List of initialization containers belonging + to the pod. + items: + description: Container defines a single application + container + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed + within a shell. + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + name: + description: Name of the container specified + as a DNS_LABEL. + type: string + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: Security context at container level + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must + be true for the pod to fit on a node. + type: object + securityContext: + description: SecurityContext holds pod-level security + attributes and common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the + ServiceAccount to use to run this pod. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: List of volumes that can be mounted by + containers belonging to the pod. + items: + description: Volume represents a named volume in + a pod + properties: + configMap: + description: ConfigMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: Volume's name. + type: string + secret: + description: Secret represents a secret that + should populate this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + type: object + mainArgs: + description: MainArgs defines the main arguments + type: string + taskManagerPodTemplate: + description: TaskManagerPodTemplate defines the task manager + pod template + properties: + metadata: + description: Standard object's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the resource + type: object + labels: + additionalProperties: + type: string + description: Labels of the resource + type: object + name: + description: Name of the resource + type: string + namespace: + description: Namespace of the resource + type: string + type: object + spec: + description: Specification of the desired behavior of + the pod. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + containers: + description: List of containers belonging to the pod. + items: + description: Container defines a single application + container + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed + within a shell. + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + name: + description: Name of the container specified + as a DNS_LABEL. + type: string + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: Security context at container level + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + type: object + type: array + imagePullSecrets: + description: ImagePullSecrets is an optional list + of references to secrets in the same namespace to + use for pulling any of the images used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List of initialization containers belonging + to the pod. + items: + description: Container defines a single application + container + properties: + args: + description: Arguments to the entrypoint. + items: + type: string + type: array + command: + description: Entrypoint array. Not executed + within a shell. + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: Docker image name. + type: string + imagePullPolicy: + description: Image pull policy. + type: string + name: + description: Name of the container specified + as a DNS_LABEL. + type: string + resources: + description: Compute Resources required by this + container. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + securityContext: + description: Security context at container level + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent + POSIX capabilities type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. + type: string + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: NodeSelector is a selector which must + be true for the pod to fit on a node. + type: object + securityContext: + description: SecurityContext holds pod-level security + attributes and common container settings. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter + to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the + ServiceAccount to use to run this pod. + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: List of volumes that can be mounted by + containers belonging to the pod. + items: + description: Volume represents a named volume in + a pod + properties: + configMap: + description: ConfigMap represents a configMap + that should populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional specify whether the + ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + name: + description: Volume's name. + type: string + secret: + description: Secret represents a secret that + should populate this volume. + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether + the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + required: + - name + type: object + type: array + type: object + type: object + required: + - image + - jarUri + type: object + required: + - spec + type: object + configuration: + description: Configuration is the list of configurations to deploy + with the Flink deployment. + properties: + envs: + description: Envs is the list of environment variables to set + in the Flink deployment. + items: + description: EnvVar defines an environment variable. + properties: + name: + description: Name of the environment variable. + type: string + value: + description: Value of the environment variable. + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Secrets is the list of secrets referenced to deploy + with the Flink deployment. + items: + description: SecretReference references a StreamNative Cloud + secret. + properties: + name: + description: Name of the ENV variable. + type: string + valueFrom: + description: ValueFrom references a secret in the same namespace. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + required: + - name + type: object + type: array + type: object + defaultPulsarCluster: + description: DefaultPulsarCluster is the default pulsar cluster to + use + type: string + imagePullSecrets: + description: ImagePullSecrets is the list of image pull secrets to + use for the deployment. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + labels: + additionalProperties: + type: string + description: Labels to add to the deployment + type: object + template: + description: Template is the VVP deployment template + properties: + deployment: + description: Deployment defines the deployment configuration + properties: + spec: + description: Spec defines the deployment specification + properties: + deploymentTargetName: + description: DeploymentTargetName defines the target name + for the deployment + type: string + jobFailureExpirationTime: + description: JobFailureExpirationTime defines the expiration + time for job failures + type: string + maxJobCreationAttempts: + description: MaxJobCreationAttempts defines the maximum + number of job creation attempts + format: int32 + minimum: 1 + type: integer + maxSavepointCreationAttempts: + description: MaxSavepointCreationAttempts defines the + maximum number of savepoint creation attempts + format: int32 + minimum: 1 + type: integer + restoreStrategy: + description: RestoreStrategy defines the restore strategy + for the deployment + properties: + allowNonRestoredState: + type: boolean + kind: + type: string + type: object + sessionClusterName: + description: SessionClusterName defines the name of the + session cluster + type: string + state: + description: State of the deployment + enum: + - RUNNING + - SUSPENDED + - CANCELLED + type: string + template: + description: Template defines the deployment template + properties: + metadata: + description: Metadata of the deployment + properties: + annotations: + additionalProperties: + type: string + description: Annotations to add to the deployment + type: object + type: object + spec: + description: Spec defines the deployment specification + properties: + artifact: + description: Artifact defines the deployment artifact + properties: + additionalDependencies: + items: + type: string + type: array + additionalPythonArchives: + items: + type: string + type: array + additionalPythonLibraries: + items: + type: string + type: array + artifactImage: + type: string + artifactKind: + enum: + - PYTHON + - SQLSCRIPT + - JAR + - UNKNOWN + type: string + entryClass: + type: string + entryModule: + type: string + flinkImageRegistry: + type: string + flinkImageRepository: + type: string + flinkImageTag: + type: string + flinkVersion: + type: string + jarUri: + type: string + kind: + enum: + - JAR + - PYTHON + - sqlscript + type: string + mainArgs: + type: string + pythonArtifactUri: + type: string + sqlScript: + type: string + uri: + type: string + type: object + flinkConfiguration: + additionalProperties: + type: string + description: FlinkConfiguration defines the Flink + configuration + type: object + kubernetes: + description: VvpDeploymentDetailsTemplateSpecKubernetesSpec + defines the Kubernetes spec for the deployment + properties: + labels: + additionalProperties: + type: string + type: object + type: object + latestCheckpointFetchInterval: + format: int32 + type: integer + logging: + description: Logging defines the logging configuration + for the Flink deployment. + properties: + log4j2ConfigurationTemplate: + type: string + log4jLoggers: + additionalProperties: + type: string + type: object + loggingProfile: + type: string + type: object + numberOfTaskManagers: + format: int32 + type: integer + parallelism: + format: int32 + type: integer + resources: + description: VvpDeploymentKubernetesResources + defines the Kubernetes resources for the VvpDeployment. + properties: + jobmanager: + description: ResourceSpec defines the resource + requirements for a component. + properties: + cpu: + description: CPU represents the minimum + amount of CPU required. + type: string + memory: + description: Memory represents the minimum + amount of memory required. + type: string + required: + - cpu + - memory + type: object + taskmanager: + description: ResourceSpec defines the resource + requirements for a component. + properties: + cpu: + description: CPU represents the minimum + amount of CPU required. + type: string + memory: + description: Memory represents the minimum + amount of memory required. + type: string + required: + - cpu + - memory + type: object + type: object + required: + - artifact + type: object + required: + - spec + type: object + required: + - template + type: object + userMetadata: + description: UserMetadata defines the metadata for the deployment + properties: + annotations: + additionalProperties: + type: string + description: Annotations of the deployment + type: object + displayName: + description: DisplayName of the deployment + type: string + labels: + additionalProperties: + type: string + description: Labels of the deployment + type: object + name: + description: Name of the deployment + type: string + namespace: + description: Namespace of the deployment + type: string + type: object + required: + - spec + - userMetadata + type: object + syncingMode: + description: SyncingMode defines how the deployment should be + synced + type: string + required: + - deployment + type: object + workspaceName: + description: WorkspaceName is the reference to the workspace, and + is required + type: string + required: + - workspaceName + type: object + status: + description: ComputeFlinkDeploymentStatus defines the observed state of + ComputeFlinkDeployment + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + deploymentStatus: + description: DeploymentStatus represents the status from the API server + type: object + x-kubernetes-preserve-unknown-fields: true + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_computeworkspaces.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_computeworkspaces.yaml new file mode 100644 index 00000000000..dc90d5e8b5c --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_computeworkspaces.yaml @@ -0,0 +1,201 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: computeworkspaces.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - streamnative + - all + kind: ComputeWorkspace + listKind: ComputeWorkspaceList + plural: computeworkspaces + singular: computeworkspace + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ComputeWorkspace is the Schema for the workspaces API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ComputeWorkspaceSpec defines the desired state of Workspace + properties: + apiServerRef: + description: APIServerRef is the reference to the StreamNativeCloudConnection + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + flinkBlobStorage: + description: FlinkBlobStorage is the configuration for the Flink blob + storage. + properties: + bucket: + description: Bucket is required if you want to use cloud storage. + type: string + path: + description: |- + Path is the sub path in the bucket. + Leave it empty if you want to use the whole bucket. + type: string + required: + - bucket + type: object + poolRef: + description: PoolRef is the reference to the pool that the workspace + will be access to. + properties: + name: + description: Name is the name of the pool + type: string + namespace: + description: Namespace is the namespace of the pool + type: string + required: + - name + type: object + pulsarClusterNames: + description: PulsarClusterNames is the list of Pulsar clusters that + the workspace will have access to. + items: + type: string + type: array + useExternalAccess: + description: UseExternalAccess is the flag to indicate whether the + workspace will use external access. + type: boolean + required: + - apiServerRef + type: object + status: + description: ComputeWorkspaceStatus defines the observed state of Workspace + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + workspaceId: + description: WorkspaceID is the ID of the workspace in the API server + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarconnections.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarconnections.yaml new file mode 100644 index 00000000000..5872ae38377 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarconnections.yaml @@ -0,0 +1,307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarconnections.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarConnection + listKind: PulsarConnectionList + plural: pulsarconnections + shortNames: + - pconn + singular: pulsarconnection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.adminServiceURL + name: ADMIN_SERVICE_URL + type: string + - jsonPath: .spec.adminServiceSecureURL + name: ADMIN_SERVICE_SECURE_URL + priority: 1 + type: string + - jsonPath: .spec.brokerServiceURL + name: BROKER_SERVICE_URL + type: string + - jsonPath: .spec.brokerServiceSecureURL + name: BROKER_SERVICE_SECURE_URL + priority: 1 + type: string + - jsonPath: .metadata.generation + name: GENERATION + priority: 1 + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarConnection is the Schema for the pulsarconnections API + It represents a connection to a Pulsar cluster and includes both the desired state (Spec) + and the observed state (Status) of the connection. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarConnectionSpec defines the desired state of PulsarConnection + It specifies the configuration for connecting to a Pulsar cluster. + + + For plaintext (non-TLS) Pulsar clusters: + - Set AdminServiceURL to "http://:" + - Set BrokerServiceURL to "pulsar://:" + + + For TLS-enabled Pulsar clusters: + - Set AdminServiceSecureURL to "https://:" + - Set BrokerServiceSecureURL to "pulsar+ssl://:" + - Optionally set BrokerClientTrustCertsFilePath if using custom CA certificates + properties: + adminServiceSecureURL: + description: |- + AdminServiceSecureURL is the HTTPS URL for secure connections to the Pulsar admin service. + Use this for encrypted administrative operations. + pattern: ^https://.+$ + type: string + adminServiceURL: + description: |- + AdminServiceURL is the HTTP(S) URL for the Pulsar cluster's admin service. + This URL is used for administrative operations. + pattern: ^https?://.+$ + type: string + authentication: + description: |- + Authentication defines the authentication configuration for connecting to the Pulsar cluster. + It supports both token-based and OAuth2-based authentication methods. + properties: + oauth2: + description: |- + OAuth2 specifies the configuration for OAuth2-based authentication. + This includes all necessary parameters for setting up OAuth2 authentication with Pulsar. + For detailed information on the OAuth2 fields, refer to the PulsarAuthenticationOAuth2 struct. + properties: + audience: + description: |- + Audience is the intended recipient of the token. In Pulsar's context, this is usually + the URL of your Pulsar cluster or a specific identifier for your Pulsar service. + type: string + clientID: + description: ClientID is the OAuth2 client identifier issued + to the client during the registration process. + type: string + issuerEndpoint: + description: |- + IssuerEndpoint is the URL of the OAuth2 authorization server. + This is typically the base URL of your identity provider's OAuth2 service. + type: string + key: + description: |- + Key is either the client secret or the path to a JSON credentials file. + For confidential clients, this would be the client secret. + For public clients using JWT authentication, this would be the path to the JSON credentials file. + properties: + secretRef: + description: SecretKeyRef indicates a secret name and + key + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + value: + type: string + type: object + scope: + description: |- + Scope is an optional field to request specific permissions from the OAuth2 server. + If not specified, the default scope defined by the OAuth2 server will be used. + type: string + required: + - audience + - clientID + - issuerEndpoint + - key + type: object + token: + description: |- + Token specifies the configuration for token-based authentication. + This can be either a direct token value or a reference to a secret containing the token. + If using a secret, the token should be stored under the specified key in the secret. + properties: + secretRef: + description: SecretKeyRef indicates a secret name and key + properties: + key: + type: string + name: + type: string + required: + - key + - name + type: object + value: + type: string + type: object + type: object + brokerClientTrustCertsFilePath: + description: |- + BrokerClientTrustCertsFilePath is the file path to the trusted TLS certificate + for outgoing connections to Pulsar brokers. This is used for TLS verification. + type: string + brokerServiceSecureURL: + description: |- + BrokerServiceSecureURL is the TLS-enabled URL for secure connections to Pulsar brokers. + Use this for encrypted communications with the Pulsar cluster. + pattern: ^pulsar\+ssl://.+$ + type: string + brokerServiceURL: + description: |- + BrokerServiceURL is the non-TLS URL for connecting to Pulsar brokers. + Use this for non-secure connections to the Pulsar cluster. + pattern: ^pulsar?://.+$ + type: string + clusterName: + description: |- + ClusterName specifies the name of the local Pulsar cluster. + When setting up Geo-Replication between Pulsar instances, this should be enabled to identify the cluster. + type: string + type: object + status: + description: |- + PulsarConnectionStatus defines the observed state of PulsarConnection. + It provides information about the current status of the Pulsar connection. + properties: + conditions: + description: |- + Conditions represent the latest available observations of the connection's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + secretKeyHash: + description: |- + SecretKeyHash is the hash of the secret reference used for authentication. + This is used to detect changes in the secret without exposing sensitive information. + The controller should update this hash when the secret changes. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarfunctions.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarfunctions.yaml new file mode 100644 index 00000000000..ee03e60b124 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarfunctions.yaml @@ -0,0 +1,462 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarfunctions.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarFunction + listKind: PulsarFunctionList + plural: pulsarfunctions + shortNames: + - pfunction + singular: pulsarfunction + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarFunction is the Schema for the pulsar functions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarFunctionSpec defines the desired state of PulsarFunction + properties: + autoAck: + description: AutoAck is the flag to indicate whether the function + should auto ack + type: boolean + batchBuilder: + description: BatchBuilder is the batch builder that the function uses + type: string + className: + description: ClassName is the class name of the function + type: string + cleanupSubscription: + description: CleanupSubscription is the flag to indicate whether the + subscription should be cleaned up when the function is deleted + type: boolean + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + customRuntimeOptions: + description: CustomRuntimeOptions is the custom runtime options of + the function + x-kubernetes-preserve-unknown-fields: true + customSchemaInputs: + additionalProperties: + type: string + description: CustomSchemaInputs is the custom schema inputs of the + function + type: object + customSchemaOutputs: + additionalProperties: + type: string + description: CustomSchemaOutputs is the custom schema outputs of the + function + type: object + customSerdeInputs: + additionalProperties: + type: string + description: CustomSerdeInputs is the custom serde inputs of the function + type: object + deadLetterTopic: + description: DeadLetterTopic is the dead letter topic of the function + type: string + exposePulsarAdminClientEnabled: + description: ExposePulsarAdminClientEnabled is the flag to indicate + whether the function should expose pulsar admin client + type: boolean + forwardSourceMessageProperty: + description: ForwardSourceMessageProperty is the flag to indicate + whether the function should forward source message properties + type: boolean + go: + description: Go is the go of the function + properties: + url: + type: string + type: object + inputSpecs: + additionalProperties: + description: ConsumerConfig represents the configuration for the + consumer of the pulsar functions and connectors + properties: + consumerProperties: + additionalProperties: + type: string + type: object + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + poolMessages: + type: boolean + receiverQueueSize: + type: integer + regexPattern: + type: boolean + schemaProperties: + additionalProperties: + type: string + type: object + schemaType: + type: string + serdeClassName: + type: string + type: object + description: InputSpecs is the input specs of the function + type: object + inputTypeClassName: + description: InputTypeClassName is the input type class name of the + function + type: string + inputs: + description: Inputs is the inputs of the function + items: + type: string + type: array + jar: + description: Jar is the jar of the function + properties: + url: + type: string + type: object + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + logTopic: + description: LogTopic is the log topic of the function + type: string + maxMessageRetries: + description: MaxMessageRetries is the max message retries of the function + type: integer + maxPendingAsyncRequests: + description: MaxPendingAsyncRequests is the max pending async requests + of the function + type: integer + name: + description: Name is the name of the function + type: string + namespace: + description: Namespace is the namespace of the function + type: string + output: + description: Output is the output of the function + type: string + outputSchemaType: + description: OutputSchemaType is the output schema type of the function + type: string + outputSerdeClassName: + description: OutputSerdeClassName is the output serde class name of + the function + type: string + outputTypeClassName: + description: OutputTypeClassName is the output type class name of + the function + type: string + parallelism: + description: Parallelism is the parallelism of the function + type: integer + processingGuarantees: + description: ProcessingGuarantees is the processing guarantees of + the function + type: string + producerConfig: + description: ProducerConfig is the producer config of the function + properties: + batchBuilder: + type: string + compressionType: + type: string + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + maxPendingMessages: + type: integer + maxPendingMessagesAcrossPartitions: + type: integer + useThreadLocalProducers: + type: boolean + type: object + py: + description: Py is the py of the function + properties: + url: + type: string + type: object + resources: + description: Resources is the resources of the function + properties: + cpu: + type: string + disk: + format: int64 + type: integer + ram: + format: int64 + type: integer + type: object + retainKeyOrdering: + description: RetainKeyOrdering is the flag to indicate whether the + function should retain key ordering + type: boolean + retainOrdering: + description: RetainOrdering is the flag to indicate whether the function + should retain ordering + type: boolean + runtimeFlags: + description: RuntimeFlags is the runtime flags of the function + type: string + secrets: + additionalProperties: + description: FunctionSecretKeyRef indicates a secret name and key + properties: + key: + type: string + path: + type: string + required: + - key + - path + type: object + description: Secrets is the secrets of the function + type: object + skipToLatest: + description: SkipToLatest is the flag to indicate whether the function + should skip to latest + type: boolean + subName: + description: SubName is the sub name of the function + type: string + subscriptionPosition: + description: SubscriptionPosition is the subscription position of + the function + type: string + tenant: + description: Tenant is the tenant of the function + type: string + timeoutMs: + description: TimeoutMs is the function timeout in milliseconds + format: int64 + type: integer + topicsPattern: + description: TopicsPattern is the topics pattern that the function + subscribes to + type: string + userConfig: + description: UserConfig is the user config of the function + x-kubernetes-preserve-unknown-fields: true + windowConfig: + description: WindowConfig is the window config of the function + properties: + actualWindowFunctionClassName: + type: string + lateDataTopic: + type: string + maxLagMs: + format: int64 + type: integer + processingGuarantees: + type: string + slidingIntervalCount: + type: integer + slidingIntervalDurationMs: + format: int64 + type: integer + timestampExtractorClassName: + type: string + watermarkEmitIntervalMs: + format: int64 + type: integer + windowLengthCount: + type: integer + windowLengthDurationMs: + format: int64 + type: integer + type: object + required: + - connectionRef + type: object + status: + description: PulsarFunctionStatus defines the observed state of PulsarFunction + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsargeoreplications.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsargeoreplications.yaml new file mode 100644 index 00000000000..d45e0730fdf --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsargeoreplications.yaml @@ -0,0 +1,185 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsargeoreplications.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + kind: PulsarGeoReplication + listKind: PulsarGeoReplicationList + plural: pulsargeoreplications + singular: pulsargeoreplication + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarGeoReplication is the Schema for the pulsargeoreplications + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarGeoReplicationSpec defines the desired state of PulsarGeoReplication + properties: + connectionRef: + description: ConnectionRef is the reference to the source PulsarConnection + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + destinationConnectionRef: + description: DestinationConnectionRef is the connection reference + to the remote cluster + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + required: + - connectionRef + - destinationConnectionRef + type: object + status: + description: PulsarGeoReplicationStatus defines the observed state of + PulsarGeoReplication + properties: + conditions: + description: Conditions Represents the observations of a connection's + current state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarnamespaces.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarnamespaces.yaml new file mode 100644 index 00000000000..937c1c2ab5c --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarnamespaces.yaml @@ -0,0 +1,333 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarnamespaces.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarNamespace + listKind: PulsarNamespaceList + plural: pulsarnamespaces + shortNames: + - pns + singular: pulsarnamespace + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarNamespace is the Schema for the pulsarnamespaces API + It represents a Pulsar namespace in the Kubernetes cluster and includes both + the desired state (Spec) and the observed state (Status) of the namespace. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarNamespaceSpec defines the desired state of a Pulsar namespace. + It corresponds to the configuration options available in Pulsar's namespace admin API. + properties: + backlogQuotaLimitSize: + anyOf: + - type: integer + - type: string + description: |- + BacklogQuotaLimitSize specifies the size limit for message backlog. + When the limit is reached, older messages will be removed or handled according to the retention policy. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + backlogQuotaLimitTime: + description: |- + BacklogQuotaLimitTime specifies the time limit for message backlog. + Messages older than this limit will be removed or handled according to the retention policy. + type: string + backlogQuotaRetentionPolicy: + description: |- + BacklogQuotaRetentionPolicy specifies the retention policy for messages when backlog quota is exceeded. + Valid values are "producer_request_hold", "producer_exception", or "consumer_backlog_eviction". + type: string + backlogQuotaType: + description: |- + BacklogQuotaType controls how the backlog quota is enforced. + "destination_storage" limits backlog by size (in bytes), while "message_age" limits by time. + enum: + - destination_storage + - message_age + type: string + bookieAffinityGroup: + description: BookieAffinityGroup is the name of the namespace isolation + policy to apply to the namespace. + properties: + bookkeeperAffinityGroupPrimary: + type: string + bookkeeperAffinityGroupSecondary: + type: string + required: + - bookkeeperAffinityGroupPrimary + type: object + bundles: + description: |- + Bundles specifies the number of bundles to split the namespace into. + This affects how the namespace is distributed across the cluster. + format: int32 + type: integer + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + deduplication: + description: Deduplication controls whether to enable message deduplication + for the namespace. + type: boolean + geoReplicationRefs: + description: |- + GeoReplicationRefs is a list of references to PulsarGeoReplication resources, + used to configure geo-replication for this namespace. + This is **ONLY** used when you are using PulsarGeoReplication for setting up geo-replication + between two Pulsar instances. + Please use `ReplicationClusters` instead if you are replicating clusters within the same Pulsar instance. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + lifecyclePolicy: + description: |- + LifecyclePolicy determines whether to keep or delete the Pulsar namespace + when the Kubernetes resource is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + maxConsumersPerSubscription: + description: MaxConsumersPerSubscription sets the maximum number of + consumers allowed on a single subscription in the namespace. + format: int32 + type: integer + maxConsumersPerTopic: + description: MaxConsumersPerTopic sets the maximum number of consumers + allowed on a single topic in the namespace. + format: int32 + type: integer + maxProducersPerTopic: + description: MaxProducersPerTopic sets the maximum number of producers + allowed on a single topic in the namespace. + format: int32 + type: integer + messageTTL: + description: |- + MessageTTL specifies the Time to Live (TTL) for messages in the namespace. + Messages older than this TTL will be automatically marked as consumed. + type: string + name: + description: Name is the fully qualified namespace name in the format + "tenant/namespace". + type: string + offloadThresholdSize: + anyOf: + - type: integer + - type: string + description: |- + OffloadThresholdSize specifies the size limit for message offloading. + When the limit is reached, older messages will be offloaded to the tiered storage. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + offloadThresholdTime: + description: |- + OffloadThresholdTime specifies the time limit for message offloading. + Messages older than this limit will be offloaded to the tiered storage. + type: string + replicationClusters: + description: |- + ReplicationClusters is the list of clusters to which the namespace is replicated + This is **ONLY** used if you are replicating clusters within the same Pulsar instance. + Please use `GeoReplicationRefs` instead if you are setting up geo-replication + between two Pulsar instances. + items: + type: string + type: array + retentionSize: + anyOf: + - type: integer + - type: string + description: |- + RetentionSize specifies the maximum size of backlog retained in the namespace. + Should be set in conjunction with RetentionTime for effective retention policy. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + retentionTime: + description: |- + RetentionTime specifies the minimum time to retain messages in the namespace. + Should be set in conjunction with RetentionSize for effective retention policy. + Retention Quota must exceed configured backlog quota for namespace + type: string + required: + - connectionRef + - name + type: object + status: + description: PulsarNamespaceStatus defines the observed state of PulsarNamespace + properties: + conditions: + description: |- + Conditions represent the latest available observations of the namespace's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status of the namespace. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + geoReplicationEnabled: + description: |- + GeoReplicationEnabled indicates whether geo-replication between two Pulsar instances (via PulsarGeoReplication) + is enabled for the namespace + type: boolean + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarnsisolationpolicies.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarnsisolationpolicies.yaml new file mode 100644 index 00000000000..8e5f8405e1c --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarnsisolationpolicies.yaml @@ -0,0 +1,222 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarnsisolationpolicies.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarNSIsolationPolicy + listKind: PulsarNSIsolationPolicyList + plural: pulsarnsisolationpolicies + shortNames: + - pnsip + singular: pulsarnsisolationpolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarNSIsolationPolicy is the Schema for the pulsar ns-isolation-policy API + It represents a Pulsar NsIsolationPolicy in the Kubernetes cluster and includes both + the desired state (Spec) and the observed state (Status) of the policy. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarNSIsolationPolicySpec defines the desired state of a Pulsar namespace isolation policy. + It corresponds to the configuration options available in Pulsar's namespaceIsolationPolicies admin API. + properties: + autoFailoverPolicyParams: + additionalProperties: + type: string + description: AutoFailoverPolicyParams auto failover policy parameters + type: object + autoFailoverPolicyType: + description: AutoFailoverPolicyType auto failover policy type name, + only support min_available now + enum: + - min_available + type: string + cluster: + description: Cluster is the name of the Pulsar Cluster + type: string + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this ns-isolation-policy. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: Name is the policy name + type: string + namespaces: + description: Namespaces namespaces-regex list + items: + type: string + type: array + primary: + description: Primary primary-broker-regex list + items: + type: string + type: array + secondary: + description: Secondary secondary-broker-regex list, optional + items: + type: string + type: array + required: + - autoFailoverPolicyParams + - autoFailoverPolicyType + - cluster + - connectionRef + - name + - namespaces + - primary + type: object + status: + description: PulsarNSIsolationPolicyStatus defines the observed state + of PulsarNSIsolationPolicy + properties: + conditions: + description: |- + Conditions represent the latest available observations of the ns-isolation-policy's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status of the ns-isolation-policy. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarpackages.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarpackages.yaml new file mode 100644 index 00000000000..9ee12e37253 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarpackages.yaml @@ -0,0 +1,212 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarpackages.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarPackage + listKind: PulsarPackageList + plural: pulsarpackages + shortNames: + - ppackage + singular: pulsarpackage + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarPackage is the Schema for the pulsar package management + service's package API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarPackageSpec defines the desired state of PulsarPackage + properties: + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + contact: + type: string + description: + type: string + fileURL: + description: |- + FileURL is the download-able URL of the package from http or https protocol + Support cloud storage providers: AWS S3 (s3://), Google Cloud Storage (gs://), Azure Blob Storage (azblob://) + type: string + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + packageURL: + description: PackageURL is the Pulsar Package URL, in format of type://tenant/namespace/package@version + type: string + properties: + additionalProperties: + type: string + type: object + syncPolicy: + description: |- + SyncPolicy represents the sync policy of the package, including Always, IfNotPresent, Never + Defaults to Always if @latest tag is used in the package URL, or IfNotPresent otherwise + enum: + - Always + - IfNotPresent + - Never + type: string + required: + - connectionRef + - fileURL + - packageURL + type: object + status: + description: PulsarPackageStatus defines the observed state of PulsarPackage + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarpermissions.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarpermissions.yaml new file mode 100644 index 00000000000..d8d801e0015 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarpermissions.yaml @@ -0,0 +1,227 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarpermissions.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarPermission + listKind: PulsarPermissionList + plural: pulsarpermissions + shortNames: + - ppermission + singular: pulsarpermission + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.resourceName + name: RESOURCE NAME + type: string + - jsonPath: .spec.resourceType + name: RESOURCE TYPE + type: string + - jsonPath: .spec.roles + name: ROLES + type: string + - jsonPath: .spec.actions + name: ACTIONS + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarPermission is the Schema for the pulsarpermissions API. + It represents a set of permissions granted to specific roles for a Pulsar resource (namespace or topic). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarPermissionSpec defines the desired state of PulsarPermission. + It specifies the configuration for granting permissions to Pulsar resources. + properties: + actions: + description: |- + Actions is a list of permissions to grant. + Valid options include "produce", "consume", and "functions". + items: + type: string + type: array + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this permission. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + lifecyclePolicy: + description: |- + LifecyclePolicy determines how to handle the Pulsar permissions + when the PulsarPermission resource is deleted. + type: string + resourceName: + description: |- + ResourceName is the name of the target resource (namespace or topic) + to which the permissions will be granted. + type: string + resourceType: + description: ResourceType indicates whether the permission is for + a namespace or a topic. + enum: + - namespace + - topic + type: string + roles: + description: |- + Roles is a list of role names that will be granted the specified permissions + for the target resource. + items: + type: string + type: array + required: + - connectionRef + - resourceName + - resourceType + - roles + type: object + status: + description: |- + PulsarPermissionStatus defines the observed state of PulsarPermission. + It provides information about the current status of the Pulsar permission configuration. + properties: + conditions: + description: |- + Conditions represent the latest available observations of the PulsarPermission's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status of the permission configuration. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarsinks.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarsinks.yaml new file mode 100644 index 00000000000..e2b97a1f118 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarsinks.yaml @@ -0,0 +1,369 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarsinks.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarSink + listKind: PulsarSinkList + plural: pulsarsinks + shortNames: + - psink + singular: pulsarsink + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarSink is the Schema for the pulsar functions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarSinkSpec defines the desired state of PulsarSink + properties: + archive: + description: Archive is the archive of the PulsarSink + properties: + url: + type: string + type: object + autoAck: + description: AutoAck is the flag to enable or disable the auto ack + type: boolean + className: + description: ClassName is the class name of the PulsarSink + type: string + cleanupSubscription: + description: CleanupSubscription is the flag to enable or disable + the cleanup of subscription + type: boolean + configs: + description: Configs is the map of configs of the PulsarSink + x-kubernetes-preserve-unknown-fields: true + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + customRuntimeOptions: + description: CustomRuntimeOptions is the custom runtime options of + the PulsarSink + x-kubernetes-preserve-unknown-fields: true + deadLetterTopic: + description: DeadLetterTopic is the dead letter topic of the PulsarSink + type: string + inputSpecs: + additionalProperties: + description: ConsumerConfig represents the configuration for the + consumer of the pulsar functions and connectors + properties: + consumerProperties: + additionalProperties: + type: string + type: object + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + poolMessages: + type: boolean + receiverQueueSize: + type: integer + regexPattern: + type: boolean + schemaProperties: + additionalProperties: + type: string + type: object + schemaType: + type: string + serdeClassName: + type: string + type: object + description: InputSpecs is the map of input specs of the PulsarSink + type: object + inputs: + description: Inputs is the list of inputs of the PulsarSink + items: + type: string + type: array + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + maxMessageRetries: + description: MaxMessageRetries is the max message retries of the PulsarSink + type: integer + name: + description: Name is the name of the PulsarSink + type: string + namespace: + description: Namespace is the namespace of the PulsarSink + type: string + negativeAckRedeliveryDelayMs: + description: NegativeAckRedeliveryDelayMs is the negative ack redelivery + delay in milliseconds of the PulsarSink + format: int64 + type: integer + parallelism: + description: Parallelism is the parallelism of the PulsarSink + type: integer + processingGuarantees: + description: ProcessingGuarantees is the processing guarantees of + the PulsarSink + type: string + resources: + description: Resources is the resource requirements for the PulsarSink + properties: + cpu: + type: string + disk: + format: int64 + type: integer + ram: + format: int64 + type: integer + type: object + retainKeyOrdering: + description: RetainKeyOrdering is the flag to enable or disable the + retain key ordering + type: boolean + retainOrdering: + description: RetainOrdering is the flag to enable or disable the retain + ordering + type: boolean + runtimeFlags: + description: RuntimeFlags is the runtime flags of the PulsarSink + type: string + secrets: + additionalProperties: + description: FunctionSecretKeyRef indicates a secret name and key + properties: + key: + type: string + path: + type: string + required: + - key + - path + type: object + description: Secrets is the map of secrets of the PulsarSink + type: object + sinkType: + description: SinkType is the type of the PulsarSink + type: string + sourceSubscriptionName: + description: SourceSubscriptionName is the source subscription name + of the PulsarSink + type: string + sourceSubscriptionPosition: + description: SourceSubscriptionPosition is the source subscription + position of the PulsarSink + type: string + tenant: + description: Tenant is the tenant of the PulsarSink + type: string + timeoutMs: + description: TimeoutMs is the timeout in milliseconds for the PulsarSink + format: int64 + type: integer + topicToSchemaProperties: + additionalProperties: + type: string + description: TopicToSchemaProperties is the map of topic to schema + properties of the PulsarSink + type: object + topicToSchemaType: + additionalProperties: + type: string + description: TopicToSchemaType is the map of topic to schema type + of the PulsarSink + type: object + topicToSerdeClassName: + additionalProperties: + type: string + description: TopicToSerdeClassName is the map of topic to serde class + name of the PulsarSink + type: object + topicsPattern: + description: TopicsPattern is the pattern of topics to consume from + Pulsar + type: string + transformFunction: + description: TransformFunction is the transform function of the PulsarSink + type: string + transformFunctionClassName: + description: TransformFunctionClassName is the transform function + class name of the PulsarSink + type: string + transformFunctionConfig: + description: TransformFunctionConfig is the transform function config + of the PulsarSink + type: string + required: + - connectionRef + type: object + status: + description: PulsarSinkStatus defines the observed state of PulsarSink + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarsources.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarsources.yaml new file mode 100644 index 00000000000..1bf3d17988e --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsarsources.yaml @@ -0,0 +1,298 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsarsources.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarSource + listKind: PulsarSourceList + plural: pulsarsources + shortNames: + - psource + singular: pulsarsource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarSource is the Schema for the pulsar functions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PulsarSourceSpec defines the desired state of PulsarSource + properties: + archive: + description: Archive is the archive of the PulsarSource + properties: + url: + type: string + type: object + batchBuilder: + description: BatchBuilder is the batch builder of the PulsarSource + type: string + batchSourceConfig: + description: BatchSourceConfig is the batch source config of the PulsarSource + properties: + discoveryTriggererClassName: + type: string + discoveryTriggererConfig: + x-kubernetes-preserve-unknown-fields: true + type: object + className: + description: ClassName is the class name of the + type: string + configs: + description: Configs is the map of configs of the PulsarSource + x-kubernetes-preserve-unknown-fields: true + connectionRef: + description: ConnectionRef is the reference to the PulsarConnection + resource + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + customRuntimeOptions: + description: CustomRuntimeOptions is the custom runtime options of + the PulsarSource + x-kubernetes-preserve-unknown-fields: true + lifecyclePolicy: + description: |- + PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources + when the corresponding custom resource (CR) is deleted from the Kubernetes cluster. + This policy allows users to control whether Pulsar resources should be retained or + removed from the Pulsar cluster after the CR is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + name: + description: Name is the name of the PulsarSource + type: string + namespace: + description: Namespace is the namespace of the PulsarSource + type: string + parallelism: + description: Parallelism is the parallelism of the PulsarSource + type: integer + processingGuarantees: + description: ProcessingGuarantees is the processing guarantees of + the PulsarSource + type: string + producerConfig: + description: ProducerConfig is the producer config of the PulsarSource + properties: + batchBuilder: + type: string + compressionType: + type: string + cryptoConfig: + description: CryptoConfig represents the configuration for the + crypto of the pulsar functions and connectors + properties: + consumerCryptoFailureAction: + type: string + cryptoKeyReaderClassName: + type: string + cryptoKeyReaderConfig: + additionalProperties: + type: string + type: object + encryptionKeys: + items: + type: string + type: array + producerCryptoFailureAction: + type: string + type: object + maxPendingMessages: + type: integer + maxPendingMessagesAcrossPartitions: + type: integer + useThreadLocalProducers: + type: boolean + type: object + resources: + description: Resources is the resources of the PulsarSource + properties: + cpu: + type: string + disk: + format: int64 + type: integer + ram: + format: int64 + type: integer + type: object + runtimeFlags: + description: RuntimeFlags is the runtime flags of the PulsarSource + type: string + schemaType: + description: SchemaType is the schema type of the PulsarSource + type: string + secrets: + additionalProperties: + description: FunctionSecretKeyRef indicates a secret name and key + properties: + key: + type: string + path: + type: string + required: + - key + - path + type: object + description: Secrets is the map of secrets of the PulsarSource + type: object + serdeClassName: + description: SerdeClassName is the serde class name of the PulsarSource + type: string + tenant: + description: Tenant is the tenant of the PulsarSource + type: string + topicName: + description: TopicName is the topic name of the PulsarSource + type: string + required: + - connectionRef + type: object + status: + description: PulsarSourceStatus defines the observed state of PulsarSource + properties: + conditions: + description: Represents the observations of a connection's current + state. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsartenants.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsartenants.yaml new file mode 100644 index 00000000000..f769196c042 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsartenants.yaml @@ -0,0 +1,240 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsartenants.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarTenant + listKind: PulsarTenantList + plural: pulsartenants + shortNames: + - ptenant + singular: pulsartenant + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PulsarTenant is the Schema for the pulsartenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarTenantSpec defines the desired state of PulsarTenant. + It corresponds to the configuration options available in Pulsar's tenant admin API. + properties: + adminRoles: + description: |- + AdminRoles is a list of roles that have administrative privileges for this tenant. + These roles can perform actions like creating namespaces, topics, and managing permissions. + items: + type: string + type: array + allowedClusters: + description: |- + AllowedClusters is a list of clusters that this tenant is allowed to access. + This field is optional and can be used to restrict the clusters a tenant can connect to. + Please use `GeoReplicationRefs` instead if you are setting up geo-replication + between multiple Pulsar instances. + items: + type: string + type: array + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this tenant. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + geoReplicationRefs: + description: |- + GeoReplicationRefs is a list of references to PulsarGeoReplication resources, + used to configure geo-replication for this tenant across multiple Pulsar instances. + This is **ONLY** used when you are using PulsarGeoReplication for setting up geo-replication + between multiple Pulsar instances. + Please use `AllowedClusters` instead if you are allowing a tenant to be available within + specific clusters in a same Pulsar instance. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + lifecyclePolicy: + description: |- + LifecyclePolicy determines whether to keep or delete the Pulsar tenant + when the Kubernetes resource is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + name: + description: |- + Name is the tenant name. + This field is required and must be unique within the Pulsar cluster. + type: string + required: + - connectionRef + - name + type: object + status: + description: |- + PulsarTenantStatus defines the observed state of PulsarTenant. + It contains information about the current state of the Pulsar tenant. + properties: + conditions: + description: |- + Conditions represent the latest available observations of the PulsarTenant's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type is typically used to indicate the overall status of the tenant. + Other condition types may be used to provide more detailed status information. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsartopics.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsartopics.yaml new file mode 100644 index 00000000000..5d5e5a66457 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_pulsartopics.yaml @@ -0,0 +1,342 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: pulsartopics.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - pulsar + - pulsarres + kind: PulsarTopic + listKind: PulsarTopicList + plural: pulsartopics + shortNames: + - ptopic + singular: pulsartopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.name + name: RESOURCE_NAME + type: string + - jsonPath: .metadata.generation + name: GENERATION + type: string + - jsonPath: .status.observedGeneration + name: OBSERVED_GENERATION + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=="PolicyReady")].status + name: POLICY_READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PulsarTopic is the Schema for the pulsartopics API + It represents a Pulsar topic in the Kubernetes cluster and includes both + the desired state (Spec) and the observed state (Status) of the topic. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + PulsarTopicSpec defines the desired state of PulsarTopic. + It corresponds to the configuration options available in Pulsar's topic admin API. + properties: + backlogQuotaLimitSize: + anyOf: + - type: integer + - type: string + description: |- + BacklogQuotaLimitSize specifies the size limit for message backlog. + When the limit is reached, older messages will be removed or handled according to the retention policy. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + backlogQuotaLimitTime: + description: |- + BacklogQuotaLimitTime specifies the time limit for message backlog. + Messages older than this limit will be removed or handled according to the retention policy. + type: string + backlogQuotaRetentionPolicy: + description: |- + BacklogQuotaRetentionPolicy specifies the retention policy for messages when backlog quota is exceeded. + Valid values are "producer_request_hold", "producer_exception", or "consumer_backlog_eviction". + type: string + connectionRef: + description: |- + ConnectionRef is the reference to the PulsarConnection resource + used to connect to the Pulsar cluster for this topic. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + deduplication: + description: Deduplication controls whether to enable message deduplication + for the topic. + type: boolean + geoReplicationRefs: + description: |- + GeoReplicationRefs is a list of references to PulsarGeoReplication resources, + used to configure geo-replication for this topic across multiple Pulsar instances. + This is **ONLY** used when you are using PulsarGeoReplication for setting up geo-replication + between two Pulsar instances. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + lifecyclePolicy: + description: |- + LifecyclePolicy determines whether to keep or delete the Pulsar topic + when the Kubernetes resource is deleted. + enum: + - CleanUpAfterDeletion + - KeepAfterDeletion + type: string + maxConsumers: + description: MaxConsumers sets the maximum number of consumers allowed + on the topic. + format: int32 + type: integer + maxProducers: + description: MaxProducers sets the maximum number of producers allowed + on the topic. + format: int32 + type: integer + maxUnAckedMessagesPerConsumer: + description: |- + MaxUnAckedMessagesPerConsumer sets the maximum number of unacknowledged + messages allowed for a consumer before it's blocked from receiving more messages. + format: int32 + type: integer + maxUnAckedMessagesPerSubscription: + description: |- + MaxUnAckedMessagesPerSubscription sets the maximum number of unacknowledged + messages allowed for a subscription before it's blocked from receiving more messages. + format: int32 + type: integer + messageTTL: + description: |- + MessageTTL specifies the Time to Live (TTL) for messages on the topic. + Messages older than this TTL will be automatically marked as deleted. + type: string + name: + description: Name is the topic name + type: string + partitions: + default: 0 + description: |- + Partitions specifies the number of partitions for a partitioned topic. + Set to 0 for a non-partitioned topic. + format: int32 + type: integer + persistent: + default: true + description: |- + Persistent determines if the topic is persistent (true) or non-persistent (false). + Defaults to true if not specified. + type: boolean + replicationClusters: + description: |- + ReplicationClusters is the list of clusters to which the topic is replicated + This is **ONLY** used if you are replicating clusters within the same Pulsar instance. + Please use `GeoReplicationRefs` instead if you are setting up geo-replication + between two Pulsar instances. + items: + type: string + type: array + retentionSize: + anyOf: + - type: integer + - type: string + description: |- + RetentionSize specifies the maximum size of backlog retained on the topic. + Should be set in conjunction with RetentionTime for effective retention policy. + Retention Quota must exceed configured backlog quota for topic + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + retentionTime: + description: |- + RetentionTime specifies the minimum time to retain messages on the topic. + Should be set in conjunction with RetentionSize for effective retention policy. + Retention Quota must exceed configured backlog quota for topic + type: string + schemaInfo: + description: SchemaInfo defines the schema for the topic, if any. + properties: + properties: + additionalProperties: + type: string + description: |- + Properties is a map of user-defined properties associated with the schema. + These can be used to store additional metadata about the schema. + type: object + schema: + description: |- + Schema contains the actual schema definition. + For AVRO and JSON schemas, this should be a JSON string of the schema definition. + For PROTOBUF schemas, this should be the protobuf definition string. + For BYTES or NONE schemas, this field can be empty. + type: string + type: + description: |- + Type determines how to interpret the schema data. + Valid values include: "AVRO", "JSON", "PROTOBUF", "PROTOBUF_NATIVE", "KEY_VALUE", "BYTES", or "NONE". + For KEY_VALUE schemas, use the format "KEY_VALUE(KeyType,ValueType)" where KeyType and ValueType + are one of the other schema types. + type: string + type: object + required: + - connectionRef + - name + type: object + status: + description: PulsarTopicStatus defines the observed state of PulsarTopic + properties: + conditions: + description: |- + Conditions represent the latest available observations of the PulsarTopic's current state. + It follows the Kubernetes conventions for condition types and status. + The "Ready" condition type indicates the overall status of the topic. + The "PolicyReady" condition type indicates whether the topic policies have been successfully applied. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + geoReplicationEnabled: + description: |- + GeoReplicationEnabled indicates whether geo-replication is enabled for this topic. + This is set to true when GeoReplicationRefs are configured in the spec and successfully applied. + type: boolean + observedGeneration: + description: |- + ObservedGeneration is the most recent generation observed for this resource. + It corresponds to the metadata generation, which is updated on mutation by the API Server. + This field is used to track whether the controller has processed the latest changes. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_secrets.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_secrets.yaml new file mode 100644 index 00000000000..12271a4e216 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_secrets.yaml @@ -0,0 +1,227 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: secrets.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - streamnative + - all + kind: Secret + listKind: SecretList + plural: secrets + singular: secret + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Secret is the Schema for the StreamNative Cloud Secret API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SecretSpec defines the desired state of StreamNative Cloud + Secret + properties: + apiServerRef: + description: APIServerRef is the reference to the StreamNativeCloudConnection + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + data: + additionalProperties: + type: string + description: the value should be base64 encoded + type: object + instanceName: + description: InstanceName is the name of the instance this secret + is for (e.g. pulsar-instance) + type: string + location: + description: Location is the location of the secret. + type: string + poolMemberName: + description: PoolMemberName is the pool member to deploy the secret. + type: string + secretRef: + description: |- + SecretRef is the reference to the kubernetes secret + When SecretRef is set, it will be used to fetch the secret data. + Data will be ignored. + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + tolerations: + description: Toleration is the toleration for the secret. + items: + description: |- + Toleration The workload this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule and PreferNoSchedule. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a workload can + tolerate all taints of a particular category. + type: string + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: + description: Type Used to facilitate programmatic handling of secret + data. + type: string + required: + - apiServerRef + type: object + status: + description: SecretStatus defines the observed state of StreamNative Cloud + Secret + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_streamnativecloudconnections.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_streamnativecloudconnections.yaml new file mode 100644 index 00000000000..9aa57c6b012 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/resource.streamnative.io_streamnativecloudconnections.yaml @@ -0,0 +1,199 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + creationTimestamp: null + name: streamnativecloudconnections.resource.streamnative.io +spec: + group: resource.streamnative.io + names: + categories: + - streamnative + - all + kind: StreamNativeCloudConnection + listKind: StreamNativeCloudConnectionList + plural: streamnativecloudconnections + singular: streamnativecloudconnection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: READY + type: string + - jsonPath: .spec.server + name: SERVER + type: string + - jsonPath: .spec.organization + name: ORGANIZATION + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: StreamNativeCloudConnection is the Schema for the StreamNativeCloudConnections + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: StreamNativeCloudConnectionSpec defines the desired state + of StreamNativeCloudConnection + properties: + auth: + description: Auth defines the authentication configuration + properties: + credentialsRef: + description: CredentialsRef is the reference to the service account + credentials secret + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - credentialsRef + type: object + logs: + description: Logs defines the logging service configuration + properties: + serviceUrl: + description: ServiceURL is the URL of the logging service + type: string + required: + - serviceUrl + type: object + organization: + description: |- + Organization is the organization to use in the API server + If not specified, the operator will use the connection name as the organization + type: string + server: + description: Server is the URL of the API server + type: string + required: + - auth + - server + type: object + status: + description: StreamNativeCloudConnectionStatus defines the observed state + of StreamNativeCloudConnection + properties: + conditions: + description: Conditions represent the latest available observations + of an object's state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastConnectedTime: + description: LastConnectedTime is the last time we successfully connected + to the API server + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/test-credentials_v1_secret.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/test-credentials_v1_secret.yaml new file mode 100644 index 00000000000..e944015f72c --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/test-credentials_v1_secret.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + credentials.json: | + { + "type": "sn_service_account", + "client_secret": "client_secret", + "client_email": "client-email", + "issuer_url": "issuer_url", + "client_id": "client-id" + } +kind: Secret +metadata: + name: test-credentials +type: Opaque diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/test-secret_resource.streamnative.io_v1alpha1_secret.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/test-secret_resource.streamnative.io_v1alpha1_secret.yaml new file mode 100644 index 00000000000..4386c005b3b --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/manifests/test-secret_resource.streamnative.io_v1alpha1_secret.yaml @@ -0,0 +1,12 @@ +apiVersion: resource.streamnative.io/v1alpha1 +kind: Secret +metadata: + name: test-secret +spec: + apiServerRef: + name: test-connection + data: + key: value + instanceName: test-instance + location: useast1 + type: Opaque diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/metadata/annotations.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/metadata/annotations.yaml new file mode 100644 index 00000000000..06c2dde97df --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/metadata/annotations.yaml @@ -0,0 +1,17 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: pulsar-resources-operator + operators.operatorframework.io.bundle.channels.v1: alpha,beta,stable + operators.operatorframework.io.bundle.channel.default.v1: alpha + operators.operatorframework.io.metrics.builder: operator-sdk-v1.31.0 + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + # OpenShift annotations. + com.redhat.openshift.versions: v4.6-v4.17 diff --git a/operators/pulsar-resources-operator/0.9.1-rc.4/tests/scorecard/config.yaml b/operators/pulsar-resources-operator/0.9.1-rc.4/tests/scorecard/config.yaml new file mode 100644 index 00000000000..21f1d101ef8 --- /dev/null +++ b/operators/pulsar-resources-operator/0.9.1-rc.4/tests/scorecard/config.yaml @@ -0,0 +1,70 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: basic + test: basic-check-spec-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-bundle-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-crds-have-validation-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-crds-have-resources-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-spec-descriptors-test + storage: + spec: + mountPath: {} + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:master + labels: + suite: olm + test: olm-status-descriptors-test + storage: + spec: + mountPath: {} +storage: + spec: + mountPath: {}