diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e59e3b..bcb3e3f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ## [MAJOR.MINOR.PATCH] - YYYY-MM-DD +## aiven-operator-v0.7.0 - 2023-01-20 +* sync with aiven-operator v0.7.0 + ## aiven-operator-v0.6.0 - 2023-01-16 * sync with aiven-operator v0.6.0 diff --git a/charts/aiven-operator-crds/Chart.yaml b/charts/aiven-operator-crds/Chart.yaml index 5aba523..baefb2a 100644 --- a/charts/aiven-operator-crds/Chart.yaml +++ b/charts/aiven-operator-crds/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: aiven-operator-crds description: A Helm chart to deploy the aiven operator custom resource definitions type: application -version: v0.6.0 -appVersion: v0.6.0 +version: v0.7.0 +appVersion: v0.7.0 maintainers: - name: mhoffm-aiven url: https://www.aiven.io diff --git a/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml new file mode 100644 index 0000000..9fd0b28 --- /dev/null +++ b/charts/aiven-operator-crds/templates/aiven.io_cassandras.yaml @@ -0,0 +1,327 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: cassandras.aiven.io +spec: + group: aiven.io + names: + kind: Cassandra + listKind: CassandraList + plural: cassandras + singular: cassandra + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Cassandra is the Schema for the cassandras API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CassandraSpec defines the desired state of Cassandra + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 + type: string + connInfoSecretTarget: + description: Information regarding secret creation + properties: + name: + description: Name of the Secret resource to be created + type: string + required: + - name + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + required: + - name + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if any. + maxLength: 36 + type: string + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: Cassandra specific user configuration options + properties: + additional_backup_regions: + description: AdditionalBackupRegions Additional Cloud Regions + for Backup Replication + items: + type: string + maxItems: 1 + type: array + cassandra: + description: Cassandra cassandra configuration values + properties: + batch_size_fail_threshold_in_kb: + description: BatchSizeFailThresholdInKb Fail any multiple-partition + batch exceeding this value. 50kb (10x warn threshold) by + default. + maximum: 1000000 + minimum: 1 + type: integer + batch_size_warn_threshold_in_kb: + description: BatchSizeWarnThresholdInKb Log a warning message + on any multiple-partition batch size exceeding this value.5kb + per batch by default.Caution should be taken on increasing + the size of this thresholdas it can lead to node instability. + maximum: 1000000 + minimum: 1 + type: integer + datacenter: + description: Datacenter Name of the datacenter to which nodes + of this service belong. Can be set only when creating the + service. + maxLength: 128 + type: string + type: object + cassandra_version: + description: CassandraVersion Cassandra major version + enum: + - 3 + - 4 + type: string + ip_filter: + description: IpFilter Allow incoming connections from CIDR address + block, e.g. '10.20.0.0/16' + items: + description: IpFilter CIDR address block, either as a string, + or in a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: Network CIDR address block + maxLength: 43 + type: string + required: + - network + type: object + maxItems: 1024 + type: array + migrate_sstableloader: + description: MigrateSstableloader Sets the service into migration + mode enabling the sstableloader utility to be used to upload + Cassandra data files. Available only on service create. + type: boolean + private_access: + description: PrivateAccess Allow access to selected service ports + from private networks + properties: + prometheus: + description: Prometheus Allow clients to connect to prometheus + with a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + project_to_fork_from: + description: ProjectToForkFrom Name of another project to fork + a service from. This has effect only when a new service is being + created. + maxLength: 63 + type: string + public_access: + description: PublicAccess Allow access to selected service ports + from the public Internet + properties: + prometheus: + description: Prometheus Allow clients to connect to prometheus + from the public internet for service nodes that are in a + project VPC or another type of private network + type: boolean + type: object + service_to_fork_from: + description: ServiceToForkFrom Name of another service to fork + from. This has effect only when a new service is being created. + maxLength: 64 + type: string + service_to_join_with: + description: ServiceToJoinWith When bootstrapping, instead of + creating a new Cassandra cluster try to join an existing one + from another service. Can only be set on service creation. + maxLength: 64 + type: string + static_ips: + description: StaticIps Use static public IP addresses + type: boolean + type: object + required: + - project + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + state: + description: Service state + type: string + required: + - conditions + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml b/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml index 5bb5e8c..4a0a7d4 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_clickhouseusers.yaml @@ -93,13 +93,12 @@ spec: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: description: lastTransitionTime is the last time the condition diff --git a/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml new file mode 100644 index 0000000..95cf195 --- /dev/null +++ b/charts/aiven-operator-crds/templates/aiven.io_grafanas.yaml @@ -0,0 +1,761 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: grafanas.aiven.io +spec: + group: aiven.io + names: + kind: Grafana + listKind: GrafanaList + plural: grafanas + singular: grafana + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.project + name: Project + type: string + - jsonPath: .spec.cloudName + name: Region + type: string + - jsonPath: .spec.plan + name: Plan + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Grafana is the Schema for the grafanas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GrafanaSpec defines the desired state of Grafana + properties: + authSecretRef: + description: Authentication reference to Aiven token in a secret + properties: + key: + minLength: 1 + type: string + name: + minLength: 1 + type: string + type: object + cloudName: + description: Cloud the service runs in. + maxLength: 256 + type: string + connInfoSecretTarget: + description: Information regarding secret creation + properties: + name: + description: Name of the Secret resource to be created + type: string + required: + - name + type: object + disk_space: + description: The disk space of the service, possible values depend + on the service type, the cloud provider and the project. Reducing + will result in the service re-balancing. + format: ^[1-9][0-9]*(GiB|G)* + type: string + maintenanceWindowDow: + description: Day of week when maintenance operations should be performed. + One monday, tuesday, wednesday, etc. + enum: + - monday + - tuesday + - wednesday + - thursday + - friday + - saturday + - sunday + type: string + maintenanceWindowTime: + description: Time of day when maintenance operations should be performed. + UTC time in HH:mm:ss format. + maxLength: 8 + type: string + plan: + description: Subscription plan. + maxLength: 128 + type: string + project: + description: Target project. + format: ^[a-zA-Z0-9_-]*$ + maxLength: 63 + type: string + projectVPCRef: + description: ProjectVPCRef reference to ProjectVPC resource to use + its ID as ProjectVPCID automatically + properties: + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + required: + - name + type: object + projectVpcId: + description: Identifier of the VPC the service should be in, if any. + maxLength: 36 + type: string + tags: + additionalProperties: + type: string + description: Tags are key-value pairs that allow you to categorize + services. + type: object + terminationProtection: + description: Prevent service from being deleted. It is recommended + to have this enabled for all services. + type: boolean + userConfig: + description: Cassandra specific user configuration options + properties: + additional_backup_regions: + description: AdditionalBackupRegions Additional Cloud Regions + for Backup Replication + items: + type: string + maxItems: 1 + type: array + alerting_enabled: + description: AlertingEnabled Enable or disable Grafana alerting + functionality + type: boolean + alerting_error_or_timeout: + description: AlertingErrorOrTimeout Default error or timeout setting + for new alerting rules + enum: + - alerting + - keep_state + type: string + alerting_max_annotations_to_keep: + description: AlertingMaxAnnotationsToKeep Max number of alert + annotations that Grafana stores. 0 (default) keeps all alert + annotations. + maximum: 1000000 + minimum: 0 + type: integer + alerting_nodata_or_nullvalues: + description: AlertingNodataOrNullvalues Default value for 'no + data or null values' for new alerting rules + enum: + - alerting + - no_data + - keep_state + - ok + type: string + allow_embedding: + description: AllowEmbedding Allow embedding Grafana dashboards + with iframe/frame/object/embed tags. Disabled by default to + limit impact of clickjacking + type: boolean + auth_azuread: + description: AuthAzuread Azure AD OAuth integration + properties: + allow_sign_up: + description: AllowSignUp Automatically sign-up users on successful + sign-in + type: boolean + allowed_domains: + description: AllowedDomains Allowed domains + items: + type: string + maxItems: 50 + type: array + allowed_groups: + description: AllowedGroups Require users to belong to one + of given groups + items: + type: string + maxItems: 50 + type: array + auth_url: + description: AuthUrl Authorization URL + maxLength: 2048 + type: string + client_id: + description: ClientId Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: ClientSecret Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + token_url: + description: TokenUrl Token URL + maxLength: 2048 + type: string + required: + - auth_url + - client_id + - client_secret + - token_url + type: object + auth_basic_enabled: + description: AuthBasicEnabled Enable or disable basic authentication + form, used by Grafana built-in login + type: boolean + auth_generic_oauth: + description: AuthGenericOauth Generic OAuth integration + properties: + allow_sign_up: + description: AllowSignUp Automatically sign-up users on successful + sign-in + type: boolean + allowed_domains: + description: AllowedDomains Allowed domains + items: + type: string + maxItems: 50 + type: array + allowed_organizations: + description: AllowedOrganizations Require user to be member + of one of the listed organizations + items: + type: string + maxItems: 50 + type: array + api_url: + description: ApiUrl API URL + maxLength: 2048 + type: string + auth_url: + description: AuthUrl Authorization URL + maxLength: 2048 + type: string + client_id: + description: ClientId Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: ClientSecret Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + name: + description: Name of the OAuth integration + maxLength: 128 + pattern: ^[a-zA-Z0-9_\- ]+$ + type: string + scopes: + description: Scopes OAuth scopes + items: + type: string + maxItems: 50 + type: array + token_url: + description: TokenUrl Token URL + maxLength: 2048 + type: string + required: + - api_url + - auth_url + - client_id + - client_secret + - token_url + type: object + auth_github: + description: AuthGithub Github Auth integration + properties: + allow_sign_up: + description: AllowSignUp Automatically sign-up users on successful + sign-in + type: boolean + allowed_organizations: + description: AllowedOrganizations Require users to belong + to one of given organizations + items: + type: string + maxItems: 50 + type: array + client_id: + description: ClientId Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: ClientSecret Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + team_ids: + description: TeamIds Require users to belong to one of given + team IDs + items: + type: integer + maxItems: 50 + type: array + required: + - client_id + - client_secret + type: object + auth_gitlab: + description: AuthGitlab GitLab Auth integration + properties: + allow_sign_up: + description: AllowSignUp Automatically sign-up users on successful + sign-in + type: boolean + allowed_groups: + description: AllowedGroups Require users to belong to one + of given groups + items: + type: string + maxItems: 50 + type: array + api_url: + description: ApiUrl API URL. This only needs to be set when + using self hosted GitLab + maxLength: 2048 + type: string + auth_url: + description: AuthUrl Authorization URL. This only needs to + be set when using self hosted GitLab + maxLength: 2048 + type: string + client_id: + description: ClientId Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: ClientSecret Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + token_url: + description: TokenUrl Token URL. This only needs to be set + when using self hosted GitLab + maxLength: 2048 + type: string + required: + - allowed_groups + - client_id + - client_secret + type: object + auth_google: + description: AuthGoogle Google Auth integration + properties: + allow_sign_up: + description: AllowSignUp Automatically sign-up users on successful + sign-in + type: boolean + allowed_domains: + description: AllowedDomains Domains allowed to sign-in to + this Grafana + items: + type: string + maxItems: 64 + type: array + client_id: + description: ClientId Client ID from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + client_secret: + description: ClientSecret Client secret from provider + maxLength: 1024 + pattern: ^[\040-\176]+$ + type: string + required: + - allowed_domains + - client_id + - client_secret + type: object + cookie_samesite: + description: 'CookieSamesite Cookie SameSite attribute: ''strict'' + prevents sending cookie for cross-site requests, effectively + disabling direct linking from other sites to Grafana. ''lax'' + is the default value.' + enum: + - lax + - strict + - none + type: string + custom_domain: + description: CustomDomain Serve the web frontend using a custom + CNAME pointing to the Aiven DNS name + maxLength: 255 + type: string + dashboard_previews_enabled: + description: DashboardPreviewsEnabled This feature is new in Grafana + 9 and is quite resource intensive. It may cause low-end plans + to work more slowly while the dashboard previews are rendering. + type: boolean + dashboards_min_refresh_interval: + description: DashboardsMinRefreshInterval Signed sequence of decimal + numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s, + 1h + maxLength: 16 + pattern: ^[0-9]+(ms|s|m|h|d)$ + type: string + dashboards_versions_to_keep: + description: DashboardsVersionsToKeep Dashboard versions to keep + per dashboard + maximum: 100 + minimum: 1 + type: integer + dataproxy_send_user_header: + description: DataproxySendUserHeader Send 'X-Grafana-User' header + to data source + type: boolean + dataproxy_timeout: + description: DataproxyTimeout Timeout for data proxy requests + in seconds + maximum: 90 + minimum: 15 + type: integer + date_formats: + description: DateFormats Grafana date format specifications + properties: + default_timezone: + description: DefaultTimezone Default time zone for user preferences. + Value 'browser' uses browser local time zone. + maxLength: 64 + pattern: (?i)^([a-zA-Z_]+/){1,2}[a-zA-Z_-]+$|^(Etc/)?(UTC|GMT)([+-](\d){1,2})?$|^(Factory)$|^(browser)$ + type: string + full_date: + description: FullDate Moment.js style format string for cases + where full date is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_day: + description: IntervalDay Moment.js style format string used + when a time requiring day accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_hour: + description: IntervalHour Moment.js style format string used + when a time requiring hour accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_minute: + description: IntervalMinute Moment.js style format string + used when a time requiring minute accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_month: + description: IntervalMonth Moment.js style format string used + when a time requiring month accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_second: + description: IntervalSecond Moment.js style format string + used when a time requiring second accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + interval_year: + description: IntervalYear Moment.js style format string used + when a time requiring year accuracy is shown + maxLength: 128 + pattern: '^(([Hh]mm(ss)?|Mo|MM?M?M?|Do|DDDo|DD?D?D?|ddd?d?|do?|w[o|w]?|W[o|W]?|Qo?|N{1,5}|YYYYYY|YYYYY|YYYY|YY|y{2,4}|yo?|gg(ggg?)?|GG(GGG?)?|e|E|a|A|hh?|HH?|kk?|mm?|ss?|S{1,9}|x|X|zz?|ZZ?|LTS|LT|LL?L?L?|l{1,4}|[-+/T,;.: + ]?)*)$' + type: string + type: object + disable_gravatar: + description: DisableGravatar Set to true to disable gravatar. + Defaults to false (gravatar is enabled) + type: boolean + editors_can_admin: + description: EditorsCanAdmin Editors can manage folders, teams + and dashboards created by them + type: boolean + external_image_storage: + description: ExternalImageStorage External image store settings + properties: + access_key: + description: AccessKey S3 access key. Requires permissions + to the S3 bucket for the s3:PutObject and s3:PutObjectAcl + actions + maxLength: 4096 + pattern: ^[A-Z0-9]+$ + type: string + bucket_url: + description: BucketUrl Bucket URL for S3 + maxLength: 2048 + type: string + provider: + description: Provider type + enum: + - s3 + type: string + secret_key: + description: SecretKey S3 secret key + maxLength: 4096 + pattern: ^[A-Za-z0-9/+=]+$ + type: string + required: + - access_key + - bucket_url + - provider + - secret_key + type: object + google_analytics_ua_id: + description: GoogleAnalyticsUaId Google Analytics ID + maxLength: 64 + pattern: ^(G|UA|YT|MO)-[a-zA-Z0-9-]+$ + type: string + ip_filter: + description: IpFilter Allow incoming connections from CIDR address + block, e.g. '10.20.0.0/16' + items: + description: IpFilter CIDR address block, either as a string, + or in a dict with an optional description field + properties: + description: + description: Description for IP filter list entry + maxLength: 1024 + type: string + network: + description: Network CIDR address block + maxLength: 43 + type: string + required: + - network + type: object + maxItems: 1024 + type: array + metrics_enabled: + description: MetricsEnabled Enable Grafana /metrics endpoint + type: boolean + private_access: + description: PrivateAccess Allow access to selected service ports + from private networks + properties: + grafana: + description: Grafana Allow clients to connect to grafana with + a DNS name that always resolves to the service's private + IP addresses. Only available in certain network locations + type: boolean + type: object + privatelink_access: + description: PrivatelinkAccess Allow access to selected service + components through Privatelink + properties: + grafana: + description: Grafana Enable grafana + type: boolean + type: object + project_to_fork_from: + description: ProjectToForkFrom Name of another project to fork + a service from. This has effect only when a new service is being + created. + maxLength: 63 + type: string + public_access: + description: PublicAccess Allow access to selected service ports + from the public Internet + properties: + grafana: + description: Grafana Allow clients to connect to grafana from + the public internet for service nodes that are in a project + VPC or another type of private network + type: boolean + type: object + recovery_basebackup_name: + description: RecoveryBasebackupName Name of the basebackup to + restore in forked service + maxLength: 128 + pattern: ^[a-zA-Z0-9-_:.]+$ + type: string + service_to_fork_from: + description: ServiceToForkFrom Name of another service to fork + from. This has effect only when a new service is being created. + maxLength: 64 + type: string + smtp_server: + description: SmtpServer SMTP server settings + properties: + from_address: + description: FromAddress Address used for sending emails + maxLength: 319 + pattern: ^[A-Za-z0-9_\-\.+\'&]+@(([\da-zA-Z])([_\w-]{,62})\.){,127}(([\da-zA-Z])[_\w-]{,61})?([\da-zA-Z]\.((xn\-\-[a-zA-Z\d]+)|([a-zA-Z\d]{2,})))$ + type: string + from_name: + description: FromName Name used in outgoing emails, defaults + to Grafana + maxLength: 128 + pattern: ^[^\x00-\x1F]+$ + type: string + host: + description: Host Server hostname or IP + maxLength: 255 + type: string + password: + description: Password for SMTP authentication + maxLength: 255 + pattern: ^[^\x00-\x1F]+$ + type: string + port: + description: Port SMTP server port + maximum: 65535 + minimum: 1 + type: integer + skip_verify: + description: SkipVerify Skip verifying server certificate. + Defaults to false + type: boolean + starttls_policy: + description: StarttlsPolicy Either OpportunisticStartTLS, + MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS. + enum: + - OpportunisticStartTLS + - MandatoryStartTLS + - NoStartTLS + type: string + username: + description: Username for SMTP authentication + maxLength: 255 + pattern: ^[^\x00-\x1F]+$ + type: string + required: + - from_address + - host + - port + type: object + static_ips: + description: StaticIps Use static public IP addresses + type: boolean + user_auto_assign_org: + description: UserAutoAssignOrg Auto-assign new users on signup + to main organization. Defaults to false + type: boolean + user_auto_assign_org_role: + description: UserAutoAssignOrgRole Set role for new signups. Defaults + to Viewer + enum: + - Viewer + - Admin + - Editor + type: string + viewers_can_edit: + description: ViewersCanEdit Users with view-only permission can + edit but not save dashboards + type: boolean + type: object + required: + - project + type: object + status: + description: ServiceStatus defines the observed state of service + properties: + conditions: + description: Conditions represent the latest available observations + of a service state + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + state: + description: Service state + type: string + required: + - conditions + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/aiven-operator-crds/templates/aiven.io_projects.yaml b/charts/aiven-operator-crds/templates/aiven.io_projects.yaml index 8e3e754..ec81f7c 100644 --- a/charts/aiven-operator-crds/templates/aiven.io_projects.yaml +++ b/charts/aiven-operator-crds/templates/aiven.io_projects.yaml @@ -135,13 +135,12 @@ spec: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: description: lastTransitionTime is the last time the condition diff --git a/charts/aiven-operator/Chart.yaml b/charts/aiven-operator/Chart.yaml index c988ab4..d5cd1a7 100644 --- a/charts/aiven-operator/Chart.yaml +++ b/charts/aiven-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: aiven-operator description: A Helm chart to deploy the aiven operator type: application -version: v0.6.0 -appVersion: v0.6.0 +version: v0.7.0 +appVersion: v0.7.0 maintainers: - name: mhoffm-aiven url: https://www.aiven.io diff --git a/charts/aiven-operator/templates/mutating_webhook_configuration.yaml b/charts/aiven-operator/templates/mutating_webhook_configuration.yaml index 0df3077..2c3aff7 100644 --- a/charts/aiven-operator/templates/mutating_webhook_configuration.yaml +++ b/charts/aiven-operator/templates/mutating_webhook_configuration.yaml @@ -1,5 +1,4 @@ {{- if .Values.webhooks.enabled }} - apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -9,367 +8,406 @@ metadata: namespace: {{ include "aiven-operator.namespace" . }} labels: {{- include "aiven-operator.labels" . | nindent 4 }} - webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-clickhouse - failurePolicy: Fail - name: mclickhouse.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clickhouses - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-clickhouseuser - failurePolicy: Fail - name: mclickhouseuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clickhouseusers - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-connectionpool - failurePolicy: Fail - name: mconnectionpool.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - connectionpools - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-database - failurePolicy: Fail - name: mdatabase.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - databases - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-kafka - failurePolicy: Fail - name: mkafka.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-kafkaacl - failurePolicy: Fail - name: mkafkaacl.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaacls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-kafkaconnect - failurePolicy: Fail - name: mkafkaconnect.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaconnects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-kafkaconnector - failurePolicy: Fail - name: mkafkaconnector.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaconnectors - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-kafkaschema - failurePolicy: Fail - name: mkafkaschema.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaschemas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-kafkatopic - failurePolicy: Fail - name: mkafkatopic.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkatopics - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-mysql - failurePolicy: Fail - name: mpg.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - mysqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-opensearch - failurePolicy: Fail - name: mopensearch.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - opensearches - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-postgresql - failurePolicy: Fail - name: mpg.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - postgresqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-project - failurePolicy: Fail - name: mproject.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - projects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-projectvpc - failurePolicy: Fail - name: mprojectvpc.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - projectvpcs - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-redis - failurePolicy: Fail - name: mredis.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - redis - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-serviceintegration - failurePolicy: Fail - name: mserviceintegration.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceintegrations - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /mutate-aiven-io-v1alpha1-serviceuser - failurePolicy: Fail - name: mserviceuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceusers - sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-cassandra + failurePolicy: Fail + name: mcassandra.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - cassandras + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-clickhouse + failurePolicy: Fail + name: mclickhouse.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - clickhouses + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-clickhouseuser + failurePolicy: Fail + name: mclickhouseuser.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - clickhouseusers + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-connectionpool + failurePolicy: Fail + name: mconnectionpool.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - connectionpools + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-database + failurePolicy: Fail + name: mdatabase.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - databases + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-grafana + failurePolicy: Fail + name: mgrafana.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - grafanas + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-kafka + failurePolicy: Fail + name: mkafka.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkas + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-kafkaacl + failurePolicy: Fail + name: mkafkaacl.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkaacls + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-kafkaconnect + failurePolicy: Fail + name: mkafkaconnect.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkaconnects + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-kafkaconnector + failurePolicy: Fail + name: mkafkaconnector.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkaconnectors + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-kafkaschema + failurePolicy: Fail + name: mkafkaschema.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkaschemas + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-kafkatopic + failurePolicy: Fail + name: mkafkatopic.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkatopics + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-mysql + failurePolicy: Fail + name: mmysql.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - mysqls + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-opensearch + failurePolicy: Fail + name: mopensearch.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - opensearches + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-postgresql + failurePolicy: Fail + name: mpg.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - postgresqls + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-project + failurePolicy: Fail + name: mproject.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - projects + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-projectvpc + failurePolicy: Fail + name: mprojectvpc.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - projectvpcs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-redis + failurePolicy: Fail + name: mredis.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - redis + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-serviceintegration + failurePolicy: Fail + name: mserviceintegration.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - serviceintegrations + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /mutate-aiven-io-v1alpha1-serviceuser + failurePolicy: Fail + name: mserviceuser.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - serviceusers + sideEffects: None {{- end }} diff --git a/charts/aiven-operator/templates/validating_webhook_configuration.yaml b/charts/aiven-operator/templates/validating_webhook_configuration.yaml index 3c774d2..dc2c75b 100644 --- a/charts/aiven-operator/templates/validating_webhook_configuration.yaml +++ b/charts/aiven-operator/templates/validating_webhook_configuration.yaml @@ -1,5 +1,4 @@ {{- if .Values.webhooks.enabled }} - apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -8,379 +7,421 @@ metadata: name: {{ include "aiven-operator.fullname" . }}-validating-webhook-configuration namespace: {{ include "aiven-operator.namespace" . }} labels: - {{- include "aiven-operator.labels" . | nindent 4 }} +{{- include "aiven-operator.labels" . | nindent 4 }} webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-clickhouse - failurePolicy: Fail - name: vclickhouse.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - clickhouses - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-clickhouseuser - failurePolicy: Fail - name: vclickhouseuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clickhouseusers - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-connectionpool - failurePolicy: Fail - name: vconnectionpool.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - connectionpools - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-database - failurePolicy: Fail - name: vdatabase.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - databases - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-kafka - failurePolicy: Fail - name: vkafka.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-kafkaacl - failurePolicy: Fail - name: vkafkaacl.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaacls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-kafkaconnect - failurePolicy: Fail - name: vkafkaconnect.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkaconnects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-kafkaconnector - failurePolicy: Fail - name: vkafkaconnector.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkaconnectors - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-kafkaschema - failurePolicy: Fail - name: vkafkaschema.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - kafkaschemas - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-kafkatopic - failurePolicy: Fail - name: vkafkatopic.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - kafkatopics - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-mysql - failurePolicy: Fail - name: vpg.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - mysqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-opensearch - failurePolicy: Fail - name: vopensearch.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - opensearches - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-postgresql - failurePolicy: Fail - name: vpg.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - postgresqls - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-project - failurePolicy: Fail - name: vproject.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - projects - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-projectvpc - failurePolicy: Fail - name: vprojectvpc.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - projectvpcs - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-redis - failurePolicy: Fail - name: vredis.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - - DELETE - resources: - - redis - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-serviceintegration - failurePolicy: Fail - name: vserviceintegration.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceintegrations - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: {{ include "aiven-operator.fullname" . }}-webhook-service - namespace: {{ include "aiven-operator.namespace" . }} - path: /validate-aiven-io-v1alpha1-serviceuser - failurePolicy: Fail - name: vserviceuser.kb.io - rules: - - apiGroups: - - aiven.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - serviceusers - sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-cassandra + failurePolicy: Fail + name: vcassandra.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - cassandras + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-clickhouse + failurePolicy: Fail + name: vclickhouse.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - clickhouses + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-clickhouseuser + failurePolicy: Fail + name: vclickhouseuser.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - clickhouseusers + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-connectionpool + failurePolicy: Fail + name: vconnectionpool.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - connectionpools + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-database + failurePolicy: Fail + name: vdatabase.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - databases + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-grafana + failurePolicy: Fail + name: vgrafana.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - grafanas + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-kafka + failurePolicy: Fail + name: vkafka.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - kafkas + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-kafkaacl + failurePolicy: Fail + name: vkafkaacl.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkaacls + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-kafkaconnect + failurePolicy: Fail + name: vkafkaconnect.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - kafkaconnects + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-kafkaconnector + failurePolicy: Fail + name: vkafkaconnector.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - kafkaconnectors + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-kafkaschema + failurePolicy: Fail + name: vkafkaschema.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - kafkaschemas + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-kafkatopic + failurePolicy: Fail + name: vkafkatopic.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - kafkatopics + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-mysql + failurePolicy: Fail + name: vmysql.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - mysqls + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-opensearch + failurePolicy: Fail + name: vopensearch.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - opensearches + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-postgresql + failurePolicy: Fail + name: vpg.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - postgresqls + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-project + failurePolicy: Fail + name: vproject.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - projects + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-projectvpc + failurePolicy: Fail + name: vprojectvpc.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - projectvpcs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-redis + failurePolicy: Fail + name: vredis.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - redis + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-serviceintegration + failurePolicy: Fail + name: vserviceintegration.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - serviceintegrations + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "aiven-operator.fullname" . }}-webhook-service + namespace: {{ include "aiven-operator.namespace" . }} + path: /validate-aiven-io-v1alpha1-serviceuser + failurePolicy: Fail + name: vserviceuser.kb.io + rules: + - apiGroups: + - aiven.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - serviceusers + sideEffects: None {{- end }}